With the emergence of devices that connect to the Internet such as Google Glass, keeping track of devices and what information they are accessing on the network has become harder for IT staff.
According to an IDC United States report from October 2013 called Worldwide Internet of Things (IoT) 2013-2020 Forecast: Billions of Things, Trillions of Dollars, there will be approximately 212 billion IoT devices in use globally by 2020, all of which will need securing.
Cisco Australia general manager of security Glenn Welby told Computerworld Australia that as more IoT devices enter the market, this will just provide more ways for cyber criminals to attack networks.
The vendor has taken the step of testing its own networks for IoT threats. According to Welby, Cisco’s CSO introduced malware into the network by using the vendor’s own Telepresence unified communications units.
He warned it is “not possible” to stop cyber criminals getting into networks because there are only two types of organisations: one that is aware of its security problem, and the other that is not.
“Organisations must change their mindset to be looking for attacks. Once you’ve been attacked, and you will be, understand what is happening. Make sure you have visibility across your infrastructure and data storage.”
Welby also suggested that IT managers start drafting wearable device policies in anticipation of devices that connect to the Internet being released in Australia.
The policy could cover areas such as what IoT or wearable devices are allowed to access corporate networks and what data can be viewed on the device.
- Five Internet of Everything gadgets
- Securing your data in a BYOD world
- Vehicle to vehicle communications could drive us to a safer place: Industry
“Many IT managers believe that the IoT consists of new technologies and services,” Gartner US research vice president Earl Perkins said in a statement.
“Although the business use cases being identified [for the IoT] are new, the technologies and deliver them seldom are. Each IoT risk profile has specific requirements that may result in the use of old platforms with a new technology 'overlay’ to improve performance and control,” he said.
According to Perkins, this overlay represents an “interesting challenge” for IT and security managers when delivering secure services for the IoT.
“In some cases, it may be an exercise in evaluating mainframe, Web, cloud and mobile security options as part of an overall IoT business use case.”
Perkins suggested that IT managers look at the devices they have in the workplace. If these devices are networked for communication on private networks, public networks or the Internet, they can be classified as IoT.
“IT managers will find that devices that use sensors are built with embedded systems and have a means of being identified will appear in [IoT] business use cases. Build on these use case experiences to develop common security deployment scenarios and core architectural foundations," he said.
“The core principles of data, application, network, systems and hardware security are still applicable.”
Follow Hamish Barwick on Twitter: @HamishBarwick