Don’t put the ‘d’ and second ‘i’ in IoT: How to secure devices in your biz – belt and braces • The Register
Can we run a secure organisation with this vast variety of kit to fend with? Depends what you mean by “secure”. If you mean “so nobody can hack it”, then no: even with a minimal set of tightly configured, rigorously controlled systems, you can never guarantee absolute security. What we can do, though, is control the risk and keep it to a level that fits the organisation’s risk appetite.
I’ve spent a chunk of my life writing about how to secure your network to work with IoT and user-owned devices. For a change I’m going to look at the devices themselves. So do all the usual stuff, such as keeping user-owned devices outside the firewall, segregating IoT devices on their own subnets secured with access control lists, enabling the right access (and only the right access) for devices to be monitored, managed and upgraded, and implementing network access control.