Growing concerns about the security of the evolving Internet of Things (IoT) have elicited a variety of industry responses, the latest being a push by Verizon Enterprise Solutions to scale its digital-certificate creation and management tools to support IoT deployments with tens of millions of connected units.
The new enterprise portal – launched this week in Australia, Europe, the US and other major geographies – provides an interface for enterprise customers to access the company's Managed Certificate Services (MCS) platform, which has been designed to facilitate the process of authenticating objects and machines connected to next-generation autonomous networks.
When using such a service, devices that were not centrally authenticated would be prohibited from connecting to the IoT environment – protecting that environment and allowing the company in question to manage the environment according to a range of established and new business rules.
Centralising this capability should help support applications requiring strict verification of device identity, such as smart grids and other control networks or higher-level functions requiring user identification.
“We are at the tip of the iceberg when it comes to the growth of the Internet of Things,” said Mike Denning, vice president of Global Security for Verizon Enterprise Solutions in a statement.
“A lot of enterprises are asking about the best way to secure connected objects. Like any other device connected to the network, we are helping clients to develop the best safeguards depending on their specific implementation as well as their business and regulatory requirements.”
IoT deployments have gained currency in security circles this year as a growing range of devices contributes to the global flood of information, much of it falling under the control of regulations requiring protection of private information.
Statistics from security group ISACA, which recently released a guide to evaluating the risk inherent in IoT deployments, suggested that IoT concerns were already surfacing at many organisations.
Concerns about growing use of wearable devices such as fitness trackers – which have been demonstrated to be rather generous in their sharing of personal information – have bolstered concerns around survey findings that consumers think they're better at protecting data than they are.
Read more: Windows users exposed to fraudulent Yahoo and Google sites
With some 43 percent of organisations in ISACA's recent IoT Risk/Reward Barometer already said to be using IoT or planning for an IoT deployment within the next 12 months, and enterprise respondents saying they felt IoT's risks outweighed its benefits (in direct contrast to consumers, who felt benefits outweighed risks by a margin of 1.5:1), the need for services like Verizon's is likely to grow as IoT deployments expand.
Such a platform addresses several of the nine points on ISACA's IoT risk management framework, which addresses issues such as controlling access to devices, establishing the identity of those accessing the devices, how devices are to be updated, how personal data is to be monitored and protected, and how data is to be shared.
“Connected devices are everywhere—from obvious ones, like smart watches and Internet-enabled cars, to ones most people may not even be aware of, such as smoke detectors,” said Robert Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies, in a statement.
“Often, organizations can be using IoT without even realizing it—which means their risk management stakeholders are not involved and potential attack vectors are going unmonitored.”
A 2014 IDC analysis predicted the market for IoT technology and supporting services would grow at 8.8 percent annually through 2017, when it will be worth an estimated $US7.3 trillion.
This article is brought to you by Enex TestLab, content directors for CSO Australia.
Upcoming IT Security Events
Join CSO for the day@#csoperspectives and hear from @kimzetter @LeviathanSec
3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today
Don't miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)