Achieving adequate IoT security may prove challenging to many organizations, but luckily SearchCIO followers were on hand during our #CIOChat to dole out security best practices for IT professionals to follow.
As Mark Lorion, CMO at Apperian Inc., stated, one way to ensure better IoT security is by developing secure applications and content for IoT devices. If the apps are secure, that puts less of a security burden on the IoT devices themselves, Lorion suggested.
But that's just the beginning. Ales Teska, founder of TeskaLabs Specifics, got technical with his response to the question of IoT security best practices, listing specific IT operations that serve as a good defense:
A4 - Best possible crypto, backend isolation, mutual auth, whitelisting of IoT clients, access control, content inspection #CIOChat
— Ales Teska (@alesteska) January 28, 2015
Beyond that, Pictographics Inc. President Harvey Koeppel suggested that IT teams need to develop entirely new architecture and governance models for IoT security.
Security and privacy by design
One thing that nearly all #CIOChat participants could agree on is that IT teams must integrate security measures early in the design stages of IoT systems, the approach known as privacy by design. Building upon a secure framework is always easier and more efficient than attempting to tack on security retroactively, according to Bryan Katz, director of EUC Mobility Strategy at VMware.
An FTC report from earlier this year on IoT security also highlights the importance of embedding security into IoT devices from the start -- something the report calls "security by design." In addition, the report advised companies to conduct risk assessments, change default passwords, and use employee training and a layered approach to defense. None of that counsel is revolutionary in today's era of data breaches, but no measure is too small when it comes to securing IoT.
Cybersecurity enthusiast Monika Hathaway reinforced this point of security (and privacy) by design, but some doubted whether it would happen:
A5) It starts with security & privacy by design. These must be elements of the core not an add on #CIOchat
— Monika Hathaway (@jazzpatron) January 28, 2015
@jazzpatron #CIOChat Privacy by design won't happen until regulated. Business is too profit driven.
— Tyler Shields (@txs) January 28, 2015