Securing the IoT Landscape of Tomorrow

Author: Neil Lappage, Chief Information Security Officer
Date Published: 13 November 2020

Security consultants and practitioners have insight into how organizations of various sizes, across both the public and private sectors, are preparing for Internet of Things (IoT) deployments during this unusual pandemic year.

A common theme for larger organizations is ensuring that the necessary governance and rigor for IoT is in place so IoT can be quickly enabled and rolled out when demand increases. This includes ensuring that there is internal endorsement from stakeholders on the general use of the technology.

It is important that organizations have an IoT support model in place to ensure the technology will be effectively supportable and sustainable long term. The support model needs to be end-to-end, from the sensors and actuators in the environment to the analytics in the cloud. Ensuring that teams are able to produce meaningful analytics for business outcomes is the key to the success of IoT, including making sure that the sensors in the environment are continually available and producing accurate readings. To support this, internal capability needs to be maintained during such times, so that the necessary technical expertise still exists when there is a need to make it happen quickly.

From a technology roadmap perspective, organizations should be well-versed in what technology they will use, and specifically the technology that they see as not being suitable for in-scope use-cases. Because of the investment in physical devices, budget should be spent wisely – for example, avoid investing in forms of wireless technology that do not provide the longevity required. Where the rubber meets the road is being able to scale up and out at speed, not just in the cloud but also in the manufacturing processes of devices and sensors.

Running trials of technology is a good way to ensure that the organization gets hands-on experience and can try out emerging technology firsthand. Completing such trials upfront can also ensure that the infrastructure can support the deployment of different types of connectors and protocols.

From a cybersecurity perspective, baking in security is critically important. This can be achieved by adopting an IoT security controls framework. As a pragmatic approach, organizations should define a list of key controls for new IoT solutions.

Organizations should also complete due diligence around their supply chains by analyzing where chipsets are actually manufactured, to ensure that the source is sustainable into the future given geopolitical considerations and other factors.

It goes without saying that stocking hardware in advance may lead to a situation where there is over-supply if internal demand decreases. If organizations are manufacturing and selling IoT devices, it’s important to forecast their sales pipeline and have a strong relationship with hardware manufacturers that expedite the delivery of new chipsets and components. Another approach is to build out a sales channel of partners that can also stock the IoT devices. This reduces the risk on the IoT manufacturer since stock is held by the partners.

Because of the speed of development of chips and narrow-band technologies, making advanced investments may not provide the necessary return since the market may change when it bounces back. Ensuring that Firmware over the Air (FOTA) is supportable now and into the future is key to providing sustainable support. This has been the downfall of certain technologies in the past.

As the threat landscape changes, making investments in types of technologies today may not secure the IoT world of tomorrow. A good investment is in ensuring the security components of your IoT management/application platform provide threat detection. Security teams should have visibility into when their IoT infrastructure is under attack from IP addresses with a bad reputation.

During the COVID-19 pandemic, investment in smarter buildings infrastructure warrants special consideration, given the questions surrounding where staff will be working from in the future.