As security migrates towards IP, devices and solutions bring additional value to users. Not only have they served their foremost function – protecting lives and assets – well, as connected devices under the IoT framework they also provide useful information that helps boost management efficiency and drive business intelligence.
The Internet of Things delivers a previously unforeseen wealth of data about our physical spaces. It is tied to security because it makes our physical world safer, more comfortable, and more user-friendly. Security devices and sensors, such as IP video cameras and access control readers, are important components in collecting information about our physical spaces beyond security-related events. When investing in a security system, other company stakeholders – that is, marketing, sales, and operations departments – can share in the cost and benefit from the system’s deployment. Therefore, there is an opportunity for security departments to evolve from a cost center to a value center for their organizations.
Examples are numerous. Retailers can benefit from consumer behavior information security devices bring. Access control and building automation integration helps with energy savings and effective management. Smart cities can better control traffic, the environment, and power usage through connected sensors and devices.
To be successful, a deployment using the IoT needs to do more than just collect a data. It needs to have a concrete way to convert that data into information, and provide insights that have business value.
By having smarter devices at the edge and using software or a platform that presents the collected data intelligently, we can ultimately provide users with valuable insights.
Yet the dark side of everything connected together is the system’s vulnerability to hacking, as underscored by various reports on intrusion into network devices.
We must recognize that as they grow in power, sensors increasingly become targets for hackers. They can act as the final target or, even worse, as a ‘Trojan horse’ to infect the broader network.Since these devices are in contact with enormous amounts of data, and may even share a physical network with the ‘normal’ network, we need to pay close attention to information security concerns.
Organizations must take a defense-in-depth approach. That way if an attacker hits a barrier at every layer, they will be less likely to go further. Such approach includes several steps, which are listed below:
- The first line of defense for data security is to use strong passwords, even for devices that are believed to be on an “isolated” network. Internal staff may inadvertently introduce malicious software to the network, or even allow access to someone posing as a service provider.
- The second line of defense is up-to-date software, and for the physical devices on the IoT, that means up-to-date firmware. Most manufacturers will quickly provide updated firmware when a specific vulnerability is disclosed to them.
- Another important defense is to protect the firmware on devices from tampering. If a hacker can gain access to a device and then load their own firmware, then they can create their own vulnerability.
Source: a&s Magazine