What is a surefire way to mess up the security of your IoT implementation? Use the same secret for all of your devices? Allow former employees to access the devices in the system? How about leaving default passwords on devices?
It turns out that there are a lot of surefire ways to mess things up. You probably assume that your security team has this figured out. Here is a not-so-secret… no one has IoT Identity figured out yet. The most advanced organizations from a security perspective have made some great strides. I have spoken to many of the organizations with significant IoT deployments over the past many years. It is clear that there is a lot to fix.
The Mirai botnet attack from two years ago was eye-opening to some. It brought down significant web properties such as Twitter and Spotify. Webcams, routers and cable boxes that used hardcoded or default passwords were one of the key drivers of the attack. But what has changed since then? Many devices out there share the same secret or use the default password. There are lots of other ways to mess up IoT Identity too.
IoT Identity Practical Advice
If you are trying to better secure your IoT implementation, we have some practical advice. I wrote a white paper on IoT Identities and Privileges. It is written from the perspective of someone who has been helping companies secure their IoT identities for years.
The white paper takes the view of real-world requirements. It covers the organizational challenges often missed when discussing IoT security. Securing an IoT architecture is a shared responsibility between the providers of the infrastructure, service, platform and application, and the end customer. Thinking that one organization will be able to manage the solution on its own is unrealistic. That means that you need to partner with your suppliers and customers to improve the security of the IoT solution.
There are many frameworks for security and some emerging ones for IoT security. The white paper culls the key pieces of many of these frameworks to provide clear guidance on the most important things to focus on for IoT security.
It then covers many of the keys for better IoT Identity and Access Management. These include the privileged user, architecture, systems and credentials.
It concludes with six specific recommendations for better managing your IoT implementation securely.
IoT Identity White Paper
For a complimentary copy of the IoT Identity white paper, please send us an email at [email protected]. Please write IoT security white paper in the subject line.
We published the white paper in conjunction with our partner, BeyondTrust. We also did a webinar with them, The 5 Crazy Mistakes Administrators Make with IoT System Credentials. It covers threats from ex-employees, credential management and more!
For help with your cybersecurity strategy to improve your company’s security posture, call Fractional CISO today. We can be reached at (617) 658-3276 or visit our website and find out how we can assist you.