The IoT Is BYOD All Over Again
Internet of Things (IoT) devices are proliferating into unanticipated areas of businesses and personal lives. The explosion of IoT devices follows the familiar pattern of the bring-your-own-device (BYOD) movement, which has infiltrated the same spaces. What differentiates the two categories is the number of items and the cost of individual devices. But while the differences are substantial, IT can learn from its experience securing the BYOD population.
The introduction of BYOD into the enterprise may have been unauthorized, but the products were typically not hidden. The smartphones, smart watches and other intelligent devices were generally used in plain sight, but the risks they posed included allowing unauthorized and unsecured access to enterprise systems through personal devices that were being used for work purposes. The fact that enterprise-level products could be put into service without IT oversight or proper security precautions took analysts by surprise. It also generated a rush to create software and services that could be installed on user-owned units and in enterprise infrastructure to reduce the threats they posed.
Similarly, these new smart products carry a variety of robust technical capabilities, such as communication and data transfer. They are also arriving without IT authorization or vetting. This time, however, they are not in plain sight: In many cases, the IoT components are embedded as part of some larger product. Most importantly, like BYOD, IoT devices notoriously lack security.
IoT devices are often small and inexpensive components that add smart capabilities to the products that host them. Consumer products such as thermostats, smart TVs and refrigerators benefit from communications, sensor reading, and video and sound recording. In the enterprise, IoT devices such as copy machines, HVAC systems, VoIP phone systems and intelligent subsystems can be breached in under three minutes, according to a ForeScout report. Read more…