Onboarding an IoT device can be a complicated process. Admins must consistently onboard a variety of devices and ensure a secure connection.
To onboard an IoT device, admins must connect it to a local network and the Internet so the device can perform its intended tasks. Next, they must connect the device to the specific applications it will use. These applications present additional layers of security and configuration that admins must navigate as they provision IoT devices.
For successful IoT device onboarding, address these four elements:
1. Plan ahead for data storage and usage
IoT devices don't have a lot of built-in storage, so they must upload collected data to either a cloud-based or on-premises storage system. This means that admins who oversee IoT deployments should understand the type of data storage infrastructure available to them, how much data it can store and when certain datastores are backed up or deleted.
Have a policy that addresses both the use and ownership of company data collected from IoT devices. If a user can access company data on their personal device, and potentially store or forward it, align this usage with company data governance policies. Users must clearly understand data usage rules, along with the legal risks for rule violation.
2. Automate device onboarding and provisioning
IoT admins can rely on APIs to fleet-provision devices and use zero-touch provisioning -- capabilities that are often included in IoT management software.
These options reduce configuration and deployment time for IoT devices, but they aren't without their challenges. For example, zero-touch provisioning -- a way to automatically set up and configure a device -- requires little manual intervention. Still, admins should be aware of potential configuration file issues and have strong security protocols in place to protect against hackers.
3. Use enterprise IoT software for device management
Enterprise IoT device management software maintains a list of all devices that are authorized for network use and access. It can also track permissions for each device and enforce security protocols. In addition, this software can restrict access and/or the installation of certain applications and data on a per-device basis.
Beyond device management, enterprise IoT software provides admins insights into how their IoT infrastructure runs. Through real-time data and alerts, admins know the health and status of any network-connected IoT device. IT teams are notified if a device goes offline or has connection issues so they can troubleshoot and reprovision hardware if needed.
FIDO: New help on the way
In 2021, the FIDO Alliance developed an open standard called the FIDO Device Onboard (FDO) protocol. FDO will make it easier to connect IoT devices to cloud-based and on-premises device management platforms.
The FDO protocol can autonomously onboard an IoT device without an admin knowing how to configure or access the underlying network and Internet infrastructure the device runs on.
The updated FIDO2 protocol enables IoT device onboarding without the need for a password and maintains the network's security and governance requirements.
These continuously evolving IoT device onboarding protocols help IT deploy large IoT device installations more rapidly.
4. Set appropriate security levels
IoT devices usually have lax default security settings. It's up to IT to harden these settings to ensure devices meet corporate security and governance standards.
As part of the provisioning process, issue new device passwords and set up device certificates. These certificates provide IoT devices a unique identifier, which authenticates the device and protects it against IP attacks.
Take the time to set passcodes on specific devices and see which devices require role-based access so that the right users access the necessary data.
Once the devices are provisioned and integrated with the IoT management software, set up automatic security and application updates for new devices. Devices should also be automatically tracked so that if a user loses or misplaces a device, IT can locate it and, if necessary, shut it down.
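The hardening steps in this section can be checked automatically before a provisioning profile is pushed to a fleet. The following is an added example, not code from the article or from any IoT management product. The profile fields (password_rotated, cert_fingerprint, requires_rbac, roles, auto_update, tracking) and the sample fleet are assumptions constructed for illustration.

```python
from collections import Counter


def audit_fleet(profiles):
    """Return {device_id: [findings]} for each profile that fails a check."""
    # A certificate only identifies a device if no other device holds it,
    # so count fingerprint reuse across the whole fleet before per-device checks.
    cert_counts = Counter(
        p["cert_fingerprint"] for p in profiles if p.get("cert_fingerprint")
    )
    report = {}
    for p in profiles:
        findings = []
        if not p.get("password_rotated"):
            findings.append("default password not replaced")
        fingerprint = p.get("cert_fingerprint")
        if not fingerprint:
            findings.append("no device certificate")
        elif cert_counts[fingerprint] > 1:
            findings.append("certificate shared with other devices")
        # Only devices flagged as needing role-based access must list roles.
        if p.get("requires_rbac") and not p.get("roles"):
            findings.append("role-based access required but no roles set")
        if not p.get("auto_update"):
            findings.append("automatic updates disabled")
        if not p.get("tracking"):
            findings.append("device tracking disabled")
        if findings:
            report[p["device_id"]] = findings
    return report


# Constructed sample fleet (hypothetical field names and values).
FLEET = [
    {"device_id": "cam-01", "password_rotated": True, "cert_fingerprint": "aa:01",
     "requires_rbac": True, "roles": ["facilities"], "auto_update": True,
     "tracking": True},
    {"device_id": "sensor-02", "password_rotated": True, "cert_fingerprint": "bb:02",
     "requires_rbac": False, "roles": [], "auto_update": True, "tracking": True},
    # Cloned from sensor-02's image: same certificate, defaults left in place.
    {"device_id": "sensor-03", "password_rotated": False, "cert_fingerprint": "bb:02",
     "requires_rbac": False, "roles": [], "auto_update": False, "tracking": True},
]

if __name__ == "__main__":
    for device_id, findings in audit_fleet(FLEET).items():
        print(device_id, "->", "; ".join(findings))
```

The shared-certificate check is the one a per-device review misses: each cloned profile looks valid on its own, and the problem only shows when the fleet is examined together.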