LAS VEGAS – Dell sees great potential in the Internet of Things for the line of business worker but adds it’s never too early to start thinking about how to keep all of those things secure.
The Internet of Things (IoT) is an umbrella term that refers to the growing number of sensors, connected devices and other endpoints that can be connected to a network or the Internet, feeding information back to a central database for analysis and action. In an interview with ITBusiness.ca at Dell’s annual Peak Performance security conference, Curtis Hutcheon, executive director and vice-president of Dell Security, said businesses need to be aware of IoT, and of the risks.
Dell showed Peak attendees a viral video of hackers breaking into a car’s Internet-connected sensors to take control of the vehicle remotely, forcing it off the road. It’s a real-life example that shows the risks of our increasingly connected world.
Hutcheson told ITBusiness.ca that Dell is looking to raise awareness and is just beginning to develop its own IoT practice, in which both networking and technology will play key roles. With Dell’s breadth from data centre to endpoint, Dell is in a strong position to be part of the IoT trend.
“We’re trying to build the knowledge,” said Hutcheson. “I think it’s early, though. We haven’t seen standards emerge. Our engineering team is looking at the collection of data, how do we discover these devices, how do we connect to them, and what do we do with all that data. While we have an analytics practice, we see it as an extension of our enterprise application deployment mindset.
For line of business and productivity workers, Hutcheson said live interaction and immediate access to information is going to be the primary benefit of IoT. But it’s important too that customers see value for the data they share.
“It’s going to build a tremendous about of information for people to learn about their product and their customers,” said Hutcheson. “At Dell, we know so much about what our customers are doing with firewalls because we communicate with over 500,000 of them every day that helps us protect them better. They share data back to us so there needs to be a lot of value for the customer.”
While business users wait for the benefits of IoT to come their way, Dell has identified five steps organizations should take to ensure they’re ready to ride the IoT wave.
- Put security first: “Be vigilant and ensure data is secured and encrypted from the data centre or the cloud to the endpoint and everything in between. Dell advocates a holistic approach to security that includes looking at endpoint security, network security, identity and access management, and more. Be aware of the data device vendors collect. If they are collecting data on all of their customers, this consolidated data set may be a very attractive target for hackers.”
- Research the devices: “Evaluate the IoT devices accessing and planning to access the system. Understand what they do, what data they collect and communicate, who owns the data collected from the device, where the data is being collected, and any vulnerability assessments or certifications the devices have.”
- Audit the Network: “It is critical to understand the impact of IoT on network traffic in the current ‘as-is’ state. Do an audit to understand what is currently accessing the system, when, what it does when it sees data, and what it communicates to and where. This will enable an organization to reassess its network performance and identify any changes on an ongoing basis as additional devices are knowingly or unknowingly added or removed.”
- Compartmentalize Traffic: “Employ a ‘no-trust’ policy when it comes to IoT devices. Ensure they are on a separate network segment or virtual LAN (VLAN) so they are not able to access or interfere with critical corporate data.”
- Educate Everyone: “IoT is the ‘Wild West’ and will continue to evolve and change rapidly over the coming months and years. As such, it will be critical to ensure IT, security and network teams educate themselves about the latest devices, standards, and issues. Be prepared for consolidation and emerging standards, but understand today, little of that exists as some devices have weak or no security.”