Dell Security has outlined five best practices for securing the Internet of Things (IoT) during the second annual North American Dell Security PEAK Performance conference for IT channel service providers, explaining practical steps organizations and the resellers advising them can easily implement.
Because security is commonly an afterthought when it comes to implementing IoT, critical organizational data is often at risk. Dell channel partners have an incredible opportunity to strengthen relationships with their customers and expand their business by helping customers assess, prepare and implement security measures to protect valuable organizational data created by IoT.
“Resellers and their customers need to be careful about not jumping into a full-scale IoT program implementation without understanding the impact these devices can have on security,” said Curtis Hutcheson, executive director and vice president, Dell Security. “Organizations must carefully evaluate the myriad devices being implemented in their networks, as well as the surge of data coming to and from those devices and networks. Without proper preparation and ongoing management, the explosion of data stemming from IoT devices can overwhelm existing security infrastructures putting organizations at increased risk.”
Dell Security experts have identified five steps organizations should take to increase security while enabling executives, employees and customers to take full advantage of the evolution of IoT devices:
1) Put Security First: Be vigilant and ensure data is secured and encrypted from the data center or the cloud to the endpoint and everything in between. Dell advocates a holistic approach to security that includes looking at endpoint security, network security, identity and access management, and more. Be aware of the data device vendors collect. If they are collecting data on all of their customers, this consolidated data set may be a very attractive target for hackers.
2) Research the Devices: Evaluate the IoT devices accessing and planning to access the system. Understand what they do, what data they collect and communicate, who owns the data collected from the device, where the data is being collected, and any vulnerability assessments or certifications the devices have.
3) Audit the Network: It is critical to understand the impact of IoT on network traffic in the current ‘as-is’ state. Do an audit to understand what is currently accessing the system, when, what it does when it sees data, and what it communicates to and where. This will enable an organization to reassess its network performance and identify any changes on an ongoing basis as additional devices are knowingly or unknowingly added or removed.
4) Compartmentalize Traffic: Employ a ‘no-trust’ policy when it comes to IoT devices. Ensure they are on a separate network segment or virtual LAN (VLAN) so they are not able to access or interfere with critical corporate data.
5) Educate Everyone: IoT is the ‘Wild West’ and will continue to evolve and change rapidly over the coming months and years. As such, it will be critical to ensure IT, security and network teams educate themselves about the latest devices, standards, and issues. Be prepared for consolidation and emerging standards, but understand today, little of that exists as some devices have weak or no security.
The recent discussion about securing devices reflects Dell’s commitment to help resellers and customers realize the full potential of IoT, while understanding that security cannot be an afterthought. Dell recently announced the first Dell IoT Gateway and formation of a division focused on bringing together IoT solutions that span hardware, services and software. This end-to-end approach is built on Dell’s bedrock of global availability, industry leading support and trusted security options.