FEATURE: IoT
WHEN AN IOT DEVICE IS
COMPROMISED, YOUR PUBLIC AND
PRIVATE CLOUDS ARE AT RISK AND
THIS CAN EVENTUALLY AFFECT
YOUR CORE NETWORK AND EVEN
YOUR CUSTOMERS.
compromised, your public and private clouds
are at risk and this can eventually affect your
core network and even your customers.
How to secure IoT and
cloud connections
There are six key considerations when it comes
to securing IoT and cloud environments:
1. Robust vulnerability management.
Understanding what is on your network
and the potential threats they pose
is critical. Keeping track of your IoT
devices ensures they can be updated
with security patches (where possible),
properly segmented and isolated, or
protected using effective proximity
controls that can offer defence in the
case of an attack.
2. Compensating controls. By
implementing proper controls, security
teams can mitigate risks posed by
those devices that can’t be updated.
Proximity devices, including firewall
and IPS systems, should be leveraged
to ensure the inspection of data
moving between IoT devices and
the cloud. Additionally, behaviourbased
detection can be used to
identify traffic discrepancies, such as
the communication between botnet
command and control centres.
3. Encryption. This practice should be
leveraged where possible to ensure the
confidentiality and integrity of data.
4. Hardened security at the cloud edge.
Not all IoT environments are secure, so
hardening the cloud network is essential.
In addition to other mitigation efforts,
avoiding DDoS attacks and malware is
also a matter of inspecting traffic at the
cloud edge.
5. Integration and automation. The
policies that govern security tools and
the collection of security event data need
to exist within the same management
platform. This will ensure event
correlation, consistent functionalities,
reliable configuration delivery and the
orchestration and enforcement of policies
all through a single pane of glass.
6. Security plus performance. Security
platforms must be consistently reliable,
no matter the environment in which they
are deployed. Regardless of whether
they are deployed as a virtual instance
or a physical appliance, they must be
able to process large amounts of data
without slowing down the collection and
processing of critical data.
44 INTELLIGENTCIO www.intelligentcio.com