IOTs - Impact on Enterprise Security


“Anything that can be connected would eventually be connected.”

The statement would have been no less than a myth a couple of decades ago, but, over this short span of time, the world has undergone an incredible transition from real to digital, forming a parallel cloud world. From automated medical equipment and ATMs to android driven cars, it is not just your phone that has gone smart – the smart revolution has taken over the world, setting up new standards and giving an entirely different meaning to communication, interaction and networking.  Human interaction has eventually evolved into today's machine versus machine communication with zero human input requisite. While this has proved its efficacy at all levels, it comes at a price we are bound to pay; the exorbitant cost of our privacy and security.

The IoT sensation took its toll on the digital world, completely altering the conventional definitions of integrated systems and connectivity, creating a parallel cloud world. As the interaction between the real and the cloud world goes from binary to digital and vice versa, its share of pros and cons too, fairly and equally, increases. And no matter how much we attempt to beautify the concept with cosmetic terms like ease of access, world going-smarter, innovation, promising, convenient, digital global village, the fact of the matter is, it comes with certain concealed costs that have made us prone to more vulnerabilities than we have ever seen before.

Every new device addition into the cyber connected system means another new end point, a potential door to welcome another vulnerability. As we strive to make machines go smart and intelligent, we create systems that connect devices and machines programmed to operate in a close system, interacting with each other, sharing critical information and data and working accordingly. While this may validate the automated functioning aspect, it also points out to an alarming fact that even a single and minute loophole may turn into a big security threat, putting the entire networked enterprise at stake.

The Internet of Things phenomenon, specifically in the world of business and enterprise, has opened doors to a new vector of security threats and hazards. The internet of things, in the course of revolutionizing e-Enterprise operations, has also altered the nature and magnitude of risks and threats involved.

Major Vulnerabilities

Potential Loopholes

As mentioned earlier, every new device addition into the network means a new gateway, a potential wreck point or a loophole that might let the intruders in, bypassing security barriers. The vulnerabilities inflicted upon an enterprise through IoT may originate not from the end-point device but also from the transit and connected communication passages, software component and the object and devices at the other end, all of which may provide a good loophole to break into the system.

IoT networks with Enterprise System

The IP enabled devices forming the enterprise system tend to lose their individual confidentiality and functionality, no matter what segmentations and gap techniques are implied. As validated in a statement by Amit Yoran, former director at US Department of Homeland Security, the interconnectedness of multiple devices onboard a single system with a mutual sharing of information will passively ensure an unintended and unnecessary flow of information within the system, taking the magnitude of network and connectivity to a point where it would be almost impossible to keep the cloud information store safe and inaccessible from unnecessary access. This implies that IoT itself could be a major internal threat for the enterprise security.

An Unconventional, Complex Architecture of Soft and Hard Units

IoT mechanism is a complex system of devices that are integrated through hardware & software. These devices vary in their function, modules and physiology, thereby providing multiple target options. Since the structure is built upon individual devices, each fundamental unit has its own security requisites. The IoTs in the enterprise will differ from the layered design, since they have micro operating systems designed around tightly coupled hardware. Hence, they will require a custom designed security mechanism to fill gaps and eliminate loopholes that prevail within the system. In some cases, this may be not be possible at all.

Newer Problems

IOTs in enterprises will provide tremendous stealth opportunities to attackers, and will over burden enterprise cyber security teams with ever expanding device types and data. Cyber Security analysts equate APT detection to finding needle in a haystack. Emergence of IOTs in the enterprise will only compound the problems and enterprises need to understand the complexity and be prepared, before they embrace IOTs.

IOTs are definitely here to stay. There is tremendous potential for productivity and efficiency improvements along with lives to be saved by use of IOTs. Parallely we should consider the downfalls of the current state of IOTs, and the threats they pose to privacy, security and life in some instances.