Did you know that every employee is now utilizing an average of three devices in the workplace? Coupled with Gartner’s prediction of a total of 70 billion connected devices by 2020, the boundaries of IT extend way beyond the four walls of the office and you can see why the addition of IoT is adding to the operational burden & increasing inside vulnerabilities for many organisations.
The on-boarding and secure management of these devices is critical for companies to succeed in embracing IoT into their mainstream operations whilst keeping their network and corporate assets safe. But the biggest question on many customers’ lips is how can they provide anytime, anywhere connectivity for their employees without sacrificing security? In fact, the most recent ZK Research Network Survey asked what the biggest impediment was to broader IoT adoption, and security ranked #1 by an overwhelming amount.
The main challenges of securing IoT devices are:
- Scale is one of the main issues due to the sheer volume of devices that need to be managed & secured
- Visibility is also a challenge. Often the security team isn’t even aware that new devices are being connected as IoT endpoints are typically managed by operations, not IT
- IoT devices can be hard to secure. There’s a long list of problems – some are old, some will present OS challenges, and some have no security capabilities to start with.
So what steps should organisations take to secure IoT endpoints?
We might as well hear it from the horse’s mouth! In an interview with Networkworld, Vinay Anand, Vice President and General Manager of ClearPass for HPE Aruba, provided some great advice and insight as well as how Aruba ClearPass could help:
- On-board the devices. There’s no single way of on-boarding a device. Aruba’s ClearPass supports a wide range of methods, including 802.1X authentication with RADIUS, MAC authentication, agents, MAC plus 802.1X or captive portal.
- Fingerprint the devices. This step requires gathering data and understanding the behavior of the endpoint. This is a critical step in looking for breaches, as any deviation from the normal behavior could indicate malicious activity.
- Put the devices into a profiler. ClearPass includes a built-in profiling service that can classify the devices. A variety of contextual data can be used to profile, including MAC OUIs, DHCP fingerprinting and other identity-centric device data. Unmanaged devices can be identified as either known or unknown when they connect to the network. The identity of these devices is based on the presence of MAC addresses in a database within ClearPass.
- Create a policy. A policy is only as good as the data used to build it and the tool used to enforce it. Aruba takes an ecosystem approach to policies by partnering with a broad set of technology partners, including MobileIron and Palo Alto Networks. This lets policies be applied and enforced at every level of IoT, including the device, network edge, applications and internet. This gives customers tight control over how devices operate and communicate, resulting in better containment of threats when they emerge.
- Monitor and analyse traffic. ClearPass pulls data out of a number of systems, including control, authentication, communication, security and management systems. Data is gathered and then analysed for odd behavior, and the device is either removed from the network or quarantined. That would happen, for example, if a medical device attempts to communicate with an accounting server. If that occurs, it could indicate a breach. When that kind of traffic is discovered, ClearPass can disconnect the device from the network, minimizing the damage. Adequately securing IoT devices depends on organisations being able to quickly recognize a device when it joins the network. Aruba has thousands of profiles already created, and it has an exchange for partners to create their own, adding to the list of supported devices.
The Internet of Things presents some unique security concerns for organisations, but with the right process and the right tools, it is manageable. Find out more about HPE Aruba solutions for IoT by contacting the Tech Data HPE Team today through firstname.lastname@example.org