- Security TWENTY
- Women in Security Awards
William Culbert, Director of Solutions Engineering, EMEA at the access software company Bomgar explains why an access management strategy is the lynchpin to IoT enterprise security.
According to a recent Gartner report, 43 percent of organisations are using, or plan to implement, an Internet of Things (IoT) policy by the end of this year. While there are many benefits for embracing the mainstream adoption of IoT, such as improved efficiencies, cost savings and enhancing customer experience, it can also bring issues of security to the forefront.
There have been many recent examples of security breaches which have fuelled security fears and are keeping IT managers, CTOs and CISOs awake at night – from the hacking of baby monitors to remotely hijacked cars. However, one of the biggest threats to any business large or small, is understanding who has access, or the ability to access, from what devices to the infrastructure and the level of access they have.
One of the most talked about, and high profile, cases from 2013 was with US retailer Target. Hackers gained access to the Target system via a third party air-conditioning company, who was given unrestricted and unmonitored access to Target’s network. Customer credit card details were compromised, costing the company $252million and significant reputational damage. This serves as an example where tighter access management was needed and if it had been in place a costly hack could have been avoided. With the adoption of IoT, access will come in many shapes and sizes. From an MD using their laptop in the office, to a cleaner with a smartphone accessing the company’s wireless network to listen to music. The increased number of devices trying to connect to networks, means that businesses have to prioritise and control user access if they want to ensure they have the adequate security levels in place.
Privileged Access Management (PAM) solutions have been designed to help businesses manage, control and fully audit access to their networks. By implementing this additional level of security, businesses are able to easily authenticate all connectivity requests to their internal network. This ensures that no matter what individual or device is making the request, they must first be approved. They are then granted access to specified assets on the network at an agreed time. PAM will help to render the machine to machine connectivity issue that comes with the IoT void. If a device is not recognised, it will not be allowed to access the system or any information. In the case of a breach, it will become much easier to identify quickly and lock systems down. The business will be able to pinpoint the vulnerable user and the corrupted device.
Comprehensive management of devices will be the lynchpin that holds enterprise IoT security measures together. Ensuring that all devices have updated security software and are registered against users with associated levels of access will be major considerations for all businesses. It is clear that UK businesses will need to start future proofing their security posture as IoT adoption continues to progress both in corporate and mainstream life. Coupled with the fact that hackers and cybercriminals are continuing to become more prevalent and creative in their efforts, selecting the right solution that provides the management and security capabilities to support IoT strategies becomes vital.