The once-imagined future inspired by science fiction movies has slowly turned into reality. Door locks, vacuum cleaners, robotic toys, washing machines, and even coffee makers have now become smart. Consequently, we now have a term for anything that connects to the internet: the Internet of Things (IoT).
As the Internet of Things has really become a ‘thing’, not only households but also offices are becoming more and more IoT savvy by the day.
Enterprises are becoming mobile. Employee expectations about mobility and the usability of personal identities at the workplace are rising. However, with power comes great responsibility. With the rush of the IoT craze in the consumer market, many manufacturers are working to get their products to market quickly, so security is sometimes overlooked. These connected appliances and equipment collect data such as login credentials and behaviour, i.e. the usage patterns of users. All of this data is collected to facilitate machine learning. Machine learning is a type of Artificial Intelligence (AI) in which computers learn without being explicitly programmed by a person; they are programmed to focus on the data they receive. This is where the IT industry needs to understand that the user, i.e. the human element, is the weakest link in security and represents the largest attack surface of an organization. In this case, the rising use of personal identities at work can cause serious damage to an enterprise’s security.
This is a troubling scenario for the present structure of enterprises. As IoT provides greater convenience and functionality, the users of these devices must also be aware of their responsibilities, including how they use and share login credentials and passwords. IoT device makers and employers need to clearly articulate the potential risks of the practice of Bring Your Own Device (BYOD) and implement policies for the use of personal devices that access company networks and data. Rana Gupta, VP – APAC Sales, Identity and Data Protection, Gemalto says, “Almost 2 billion records were reported to be compromised in the first half of the year, as per Gemalto’s Breach Level Index. That is almost 38 per cent higher than the number of data records reported to be compromised in the entirety of 2016. The reality is that breaches are not only happening but the pace of these breach incidents is growing with time.”
In The Wake of a Data Breach
However, the fact that breaches are happening is not reason enough for companies to stop doing digital business or to stop using technology for their business. Those who understand the implications of identities at the workplace are embracing Enterprise Mobility Management (EMM) in addition to Identity and Access Management (IAM) technologies. Cloud access security brokers (CASBs) also prove to be very helpful in ensuring that network traffic between on-premises devices and the cloud provider complies with the organization's security policies. “Just like physical network boundaries are a thing of a bygone era in this age of Cloud Services, resisting the adaption of IoT and BYOD is not learning from past experiences and instead allowing history to repeat itself. Having said that, in order to stay competitive in the global landscape, enterprises in India are required to embrace the latest trends while keeping their data assets safe,” says Rana Gupta.
It is a matter of concern that employees use their personal credentials for work purposes. Having a digital workplace is not a matter of choice; it is mandatory. The practice is to identify the most sensitive data asset, apply encryption to it, and repeat that cycle with the next most sensitive data asset. As no authentication method is bulletproof, one must work on prevention in order to eliminate the chance of any compromise. Rajpreet Kaur, Senior Research Analyst, Gartner says, “Increase the priority of current and planned investments in IAM for mobile and cloud; focus on cloud access security brokers (CASBs), identity and access management as a service (IDaaS), enterprise mobility management (EMM)-IAM integration and so on; and take a bimodal approach to IAM. Assess the organization's readiness for people-centric approaches, and lead with the elements of people-centric IAM that can add the most value to digital workplace initiatives.”
An Era of IoT and BYOD
As more enterprises become mobile, the challenges keep increasing. More data is exposed to violations of privacy, which can leave businesses facing enormous liability should any security breach occur. “Without proper security and support planning, a BYOD program can experience cost overruns and data loss, and deliver a poor user experience. The use of "rogue" personal technology brought into the workplace to circumvent strict policies governing organization-owned devices exposes organizations to security and data leakage risks. The IoT demands a wide range of new technologies, many of which will take the enterprise into unfamiliar territory and demand new skills,” says Rajpreet Kaur.
The year 2017 has been a year of alarms being sounded about the emergence of IoT malware. IoT malware often turns the affected devices into a botnet in order to facilitate a Distributed Denial of Service (DDoS) attack. This gives hackers the opportunity to continue using IoT devices to facilitate DDoS attacks. Given these implications, enterprises have to put in place security policies under which they perform regular audits and also make their employees aware of the security implications.
Pertisth Mankotia, CIO, Sheela Foam says, “The structure plays the most important role in keeping the security intact. We have implemented a transparent system in our company where every employee can access their salary details via the most secure process, i.e. One-Time-Password (OTP). It is a completely safe process where the mobile number of the user is linked and an OTP is sent whenever the user wishes to view the details. Such methods can be used to prevent any kind of security breach. My belief is that security should not be taken up last; it should be prioritized the most, and then the systems should be designed.”
When it comes to security, focusing too much on convenience could mean the loss of assets. BYOD is required, as employees cannot be restricted but can be limited. IoT is an area where it is not easy to predict where a threat will arise. So whenever thinking about IoT, think security first and how you can control those devices.