Yesterday, after a recent security event of theirs, Dell announced some IoT security best practice guidance for organizations. Excerpt:
1) Put Security First:
Be vigilant and ensure data is secured and encrypted from the data center or the cloud to the endpoint and everything in between. Dell advocates a holistic approach to security that includes looking at endpoint security, network security, identity and access management, and more. Be aware of the data device vendors collect. If they are collecting data on all of their customers, this consolidated data set may be a very attractive target for hackers.
2) Research the Devices:
Evaluate the IoT devices accessing and planning to access the system. Understand what they do, what data they collect and communicate, who owns the data collected from the device, where the data is being collected, and any vulnerability assessments or certifications the devices have.
3) Audit the Network:
It is critical to understand the impact of IoT on network traffic in the current ‘as-is’ state. Do an audit to understand what is currently accessing the system, when, what it does when it sees data, and what it communicates to and where. This will enable an organization to reassess its network performance and identify any changes on an ongoing basis as additional devices are knowingly or unknowingly added or removed.
4) Compartmentalize Traffic:
Employ a ‘no-trust’ policy when it comes to IoT devices. Ensure they are on a separate network segment or virtual LAN (VLAN) so they are not able to access or interfere with critical corporate data.
5) Educate Everyone:
IoT is the ‘Wild West’ and will continue to evolve and change rapidly over the coming months and years. As such, it will be critical to ensure IT, security and network teams educate themselves about the latest devices, standards, and issues. Be prepared for consolidation and emerging standards, but understand today, little of that exists as some devices have weak or no security.
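
An added example, not part of Dell's guidance or the original post: one way to combine items 3 and 4 by checking flow records against a device inventory and a segment plan. The subnets, inventory, allow-list and flow records are all constructed assumptions.

```python
import ipaddress

# Assumed segment plan: IoT devices sit on their own VLAN subnet.
SEGMENTS = {
    "iot": ipaddress.ip_network("10.20.0.0/24"),
    "corporate": ipaddress.ip_network("10.10.0.0/16"),
}
# Constructed inventory of researched, approved IoT devices.
INVENTORY = {"10.20.0.11": "badge reader", "10.20.0.12": "thermostat"}
# Constructed allow-list of (src, dst, port) flows an IoT device needs.
ALLOWED = {("10.20.0.11", "10.10.5.20", 443)}
# Constructed flow records: (time, src, dst, dst_port).
FLOWS = [
    ("09:00:00", "10.20.0.11", "10.10.5.20", 443),    # approved flow
    ("09:01:00", "10.20.0.12", "203.0.113.10", 443),  # IoT to external
    ("09:02:00", "10.20.0.12", "10.10.8.4", 445),     # IoT to corporate
    ("09:03:00", "10.20.0.77", "10.10.5.20", 22),     # not in inventory
    ("09:04:00", "10.10.3.3", "10.10.5.20", 443),     # corporate internal
]

def segment_of(ip):
    """Return the name of the segment containing ip, or 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def audit(flows):
    """Flag unknown IoT devices and unapproved IoT-to-corporate flows."""
    findings = []
    for ts, src, dst, port in flows:
        if segment_of(src) != "iot":
            continue
        if src not in INVENTORY:
            findings.append((ts, "unknown-device", src, dst, port))
        if segment_of(dst) == "corporate" and (src, dst, port) not in ALLOWED:
            findings.append((ts, "segment-violation", src, dst, port))
    return findings

def destinations(flows):
    """Per IoT source: the set of (segment, dst, port) it talked to."""
    seen = {}
    for _, src, dst, port in flows:
        if segment_of(src) == "iot":
            seen.setdefault(src, set()).add((segment_of(dst), dst, port))
    return seen

if __name__ == "__main__":
    for finding in audit(FLOWS):
        print(finding)
```

Rerunning the same check on each new capture shows when devices appear or disappear and when a device starts reaching a destination it did not use before.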