Three dimensions of enterprise IoT risk - devices, ecosystem and use case.
To maximize IoT security in the enterprise, business and IT leaders need to understand the three ‘dimensions’ to IoT risk - devices, ecosystems, use cases. Understanding how these three dimensions interact, and the risks they present, will give organizations a holistic approach to IoT security.
IoT devices: Establishing robust device controls begins with creating an inventory of devices entering your organization on a regular basis – such as personal phones, tablets and PCs belonging to employees, customers, suppliers, messengers and other visitors – and categorizing them according to their level of complexity. Along the way, never assume any IoT device has effective security built in. Regularly update security software and implement antivirus programs and encryption.
Ecosystems: Beyond the daily workplace traffic of employees, the daily influx of third parties into your enterprise – clients, suppliers, messengers, maintenance workers and more – requires a proactive approach to overseeing who and what are entering your ecosystem. You are only as strong as your weakest link, so know who is using your system and ensure that every user understands their responsibility within it.
Use case: The question becomes one of where a device is being deployed, how it is being deployed, and by whome. These factors will have a critical impact on the level of risk involved. Use cases can range from relatively simple, suchas a proprietary phone app, to complex, such as a web-based login to the ERP. As devices enter the public domain, risk levels soar unpredictably, especially if the device is being used for purposes or in locations for which it's not intended.