Latin America. Current technology for the Internet of Things (IoT) has some limitations: battery life, bandwidth, transmission range, interoperability, among others. But don't be fooled, the available technology is enough to generate big changes in production processes, products, services and customer experiences.
A frequent topic in discussions about the Internet of Things is cybersecurity. It is not a minor problem, but perhaps it deserves an adjustment in its approach: cybersecurity should not be an obstacle to the IoT, but an enabler, you can promote it with the use of numerous tools, best practices and experiences drawn from the IT world.
Here's a 5-step guide to achieving these goals, ensuring that innovation in business and cybersecurity is aligned:
1) Security Awareness as a Principle: Whenever we incorporate new technologies into our lives and in business, we have the opportunity to start from scratch and design and implement architectures that incorporate the issue of security not only as a requirement, but as a principle for all decisions. Not only will it make security more effective and economical, it also supports riskier technical and business decisions, increasing the chances. This awareness should permeate the entire organization.
2) Identification of Security Requirements: Adoption involves considerations in the design of the technical architecture and its management model. At the stage when business requirements are identified, security requirements should also be included. As for the technical architecture, it is necessary to include incident prevention and containment mechanisms so that from the beginning it is reliable. For that, it is necessary to evaluate the capabilities and functionalities of the different elements: their sensors, their gateways, their vulnerabilities; what is the nature of the data they will transit, with which applications they will interact and where they are located – corporate data centers, mobile devices, cloud systems; and for whom they are intended, whether employees, third parties, customers or partners. Risk profiles must be identified as well as actions (mitigate, transfer, avoid, accept).
3) Containment mechanisms: Containment is commonly associated with incident response and isolating its effects. But doesn't it seem more effective to take it to the solution, design and deployment phase? Micro-segmentation technology can previously prevent the effect of unforeseen futures with different risk profiles. If you design and deploy the IoT architecture with containment as a principle, you will be one step ahead of cyber criminals in the event of successful access to your infrastructure. It is about reducing the Attack Surface, taking advantage of the flexibility and scalability that only advanced techniques provide. In addition, if network micro-segmentation is done by software, dynamic perimeter readjustment techniques can increase the resiliency and security of the architecture.
4) Operation: Incident Detection deserves attention. The volume and heterogeneity of connected devices as well as data should produce millions of alerts per day. Ensuring that relevant alerts are noticed, and only these, is like finding a needle in a haystack. Therefore, event correlation tools and SIEM (Security Incident & Event Management) platforms will be crucial to address this challenge.
5) Incident Response: Detection is necessary. This phase should provide qualified processes, tools, and professionals to effectively identify causes, investigate circumstances, and act on correction.
As the line between the physical and digital worlds becomes dimmer, businesses become more susceptible to rapid change. It is important to review business strategies, weighing the opportunities and risks that the Internet of Things brings us. Among the risks, those caused by cybercrime can be analyzed under existing security practices, they are detected from the progress observed in recent years. The important thing is not to be scared. Fear of risks cannot paralyze the business. The biggest risk is not adapting.
Text written by Leonardo Carissimi, director of security solutions at Unisys for Latin America.
