The Industrial Internet of Things & Network Security: A Desperate Need for Standards
Just about everything is connected: from cell phones and wearable devices to cars, refrigerators and industrial equipment. IT experts have long recognized this global connectivity will only continue to skyrocket. Connectivity adds convenience to our jobs. It is almost expected that employees will use BYOD devices such as laptops, smart phones and tablets to communicate. But a tremendous challenge for IT professionals is network security. Not knowing what is connected to your enterprise’s network is dangerous. How does your IT staff protect sensitive information from hackers if you and they can’t account for risks such from invisible connected infiltrators?
Well, it sometimes takes a village to be vigilant. There’s currently a rush to create universal standards for IIoT that will cover a wide expanse of areas, including security. Setting global standards for IIoT security management will certainly help your IT staff keep questionable devices from wreaking havoc on your network.
Industry and Professional Standards
Several standards groups — including those led by tech giants like Google, Intel and Qualcomm — have put their hats into the ring of devising universal IoT/IIoT standards. These groups are reviewing areas such as IoT architecture, interoperability, privacy and security, but none have prevailed. Liken it to the infamous battle between VHS and Betamax — may the best ideas win. Most countries have been working on developing individual IoT/IIoT standards, but ideas on how to do that differ.
Some recent signs of progress have probably caught the eye of your IT manager:
The International Telecommunication Union Standardisation Sector (ITU-T) Study Group met in Singapore and came up with two new global recommendations for IOT. One of those recommendations identifies common parameters for security management, remote activation, diagnostics and software upgrades. Industry standards on these issues would lessen the stress of your IT manager, who would have an easier and more efficient way to manage IoT/IIoT applications and devices.
The Industrial Internet Consortium is devising guidelines for security, connectivity and interoperability. It’s backed by large enterprises such as AT&T, Cisco, GE, IBM and Intel.
Business Insider predicts that more than $6 trillion will be spent on IoT solutions over the next five years, hastening the work of these two and other IoT industry alliances as they try to formalize universal expectations on how connected products should communicate, function and provide an accepted level of security that won’t bring down networks and businesses.
How Enterprises Should Address IIoT
Still, although universal IIoT standards will certainly help get everyone on the same page, enterprises don’t have time to wait for them to take shape.
The solution to managing IoT for businesses is strong network access control. Network access control (NAC) allows organizations to control not only who accesses the LAN, but the activities they can do once connected, such as which servers and data they can access, and which applications they can use.
In our next post we will be introducing our Security-as-a-Service network access platform, that delivers continuous risk monitoring of all your endpoints, even when they leave your premises. Your IT staff can assess threat levels in real time — from anywhere, on any device. Network access control becomes automatic and seamless, boosting security and saving time. Receive device-specific, customized risk profiles each day. It is stress free.
The article was written by Ofer Amitai, CEO and co-founder of Portnox. Ofer has over 20 years experience in network security, from establishing the first IT security team in the Israeli Air Force to managing the security division at Xpert Integrated Systems to being Microsoft Regional Director of Security. Ofer is a proven innovator and thought leader in network security. Originally the article was published here.