IoT Security: How Two Sides Want to Solve the Problem
With trends indicating IoT’s reach may grow from 15 billion connected devices as of 2015 all the way up to 75 billion connected devices in 2025, it’s never been more important to have the IoT security talk. After all, that figure represents the network inroads and the computing might that, if left exposed, will be waiting for attackers to exploit. Given the potential risk/reward of IoT, one entity has interjected itself into the IoT security conversation.
In September, the state of California once again found itself on the regulatory cutting edge. Its legislature passed what has been called a “first-of-its-kind bill on IoT security.” The bill, designated “SB-327 Information privacy: connected devices,” puts the onus on manufacturers to build device-level protection directly into their products. These intrinsic security feature(s), via the exact text of the bill, should be:
- appropriate to the nature and function of the device
- appropriate to the information it may collect, contain, or transmit, and
- designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.
Furthermore, connected devices with built-in authentication ability must meet a pair of conditions according to the bill:
- The preprogrammed password must be unique to each device manufactured, and
- A feature must exist requiring users to generate a new means of authentication before access is granted to the device for the first time.
Make IoT security an internal initiative
Some pundits have criticized California’s bill for not going far enough from a governance perspective. Of course, regulation tends to breed additional regulation. So, this could turn out to be the opening salvo in a much broader campaign to bring greater oversight to IoT. However, for organizations attempting to manage the influx of connected devices projected to inundate their facilities over the next decade, potential security-boosting regulations will do little good. Instead, businesses must take it upon themselves to ensure the security of their technology environments. On that topic, some recent news from Cisco could prove helpful.
Earlier this year, Cisco announced an IoT security-focused expansion of its DNA Center network management platform. As part of this update, DNA Center gained access to the profiles of more than 600 new IoT devices. These new devices – pulled mostly from sectors including manufacturing and medical – will now be accessible by DNA Center admins. As such, admins will be able to (via integration with Cisco ISE) push access and security policies out to those devices, gain insight into their health and performance, and beyond. This move represents just one phase of a larger DNA Center expansion designed to bring safer and more secure IoT connectivity to all industries.
Next steps: Keep the IoT security conversation going
Want to learn more about the changes to Cisco’s DNA Center? Or, would you like to have a conversation about how else your businesses can leverage IoT connectivity without sacrificing security? The Arraya team is here to help. Visit https://www.arrayasolutions.com/contact-us/ to start a dialogue with our IoT experts today.
Want to leave us a comment on this or any of our blogs? You can do so through our social media pages. Arraya can be found on LinkedIn, Twitter, and Facebook. Once you’ve shared your two cents, follow us to stay updated on our industry insights and learning opportunities.