Cognizant Reports | May 2017
Safeguarding the Internet of Things
While the Internet of Things promises real-time
operational benefits, vulnerabilities can be easily
exploited unless security is embedded from
the inside out – from conception, deployment,
and maintenance, to the network edge and across
connected devices and infrastructures.
EXECUTIVE SUMMARY
The rapid growth of the Internet of Things (IoT) has left enterprise networks and IoT
devices extremely vulnerable to security breaches. Although this threat looms large for
companies deploying IoT applications and infrastructures, most organizations’ security
budgets do not account for securing their IoT subnetworks. That’s because current
IoT devices and infrastructures are not equipped to avert today’s sophisticated attack
methods. The heterogeneous nature of device software, insufficient monitoring, and a
lack of visibility into IoT devices only add to the complexity of safeguarding enterprise
IoT ecosystems. At the same time, investing in highly secure IoT-based infrastructure can
deliver a range of significant benefits, including:
•	 Higher revenues from new business models.
•	 Lower operational costs through optimized processes and seamless business operations.
•	 Immediate access to clean, meaningful, and highly accurate data.
•	 A superior user experience.
To develop such an infrastructure, organizations need to build in security at every stage –
from application conception and design, to deployment, operations, maintenance, upgrades,
and retirement. Companies that have already implemented an IoT solution can consider
an outside-in approach by undergoing an independent review of their infrastructure that
includes:
•	 Threat modeling across all security layers.
•	 Tailored penetration testing and vulnerability assessment.
•	 Review of common attack surface areas.
Organizations that want to identify vulnerabilities and improve their security stance from
the beginning should consider an inside-out approach that focuses on ensuring that key
elements are embedded in their IoT solution:
•	 Secure boot and hardware-based security controls.
•	 Device authentication and secure data management.
•	 A policy framework for governance.
•	 Secure, over-the-air (OTA) updates.
•	 Secure remote access.
•	 Fail safe/self-awareness.
•	 A layered security design.
THE STATE OF IOT SECURITY
The Internet of Things (IoT) is growing at a stunning pace – expected to account for 28.1 billion connected devices by 2020 (see Figure 1).[1] From an economic standpoint, linking the physical and digital worlds could generate up to $11.1 trillion a year by 2025.[2] Organizations that are using or plan to use the IoT will have to ensure that all IoT devices connected to their networks are highly secure; otherwise, they can be a potential entry point for network intrusions.
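Projected Number of IoT Connected Devices: 2015-2020 (billions)
| Year | 2015 | 2016 | 2017 | 2018 | 2019 | 2020 |
| --- | --- | --- | --- | --- | --- | --- |
| Connected devices (billions) | 13.1 | 16.3 | 19.2 | 22.2 | 25.2 | 28.1 |
Figure 1
Source: IDC, Worldwide and Regional IoT Forecasts, 2015 via Economist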
According to Gartner, spending on IoT security is expected to reach $547 million in 2018,[3] almost double the $281.54 billion expended in 2015. Gartner also predicts that by 2020 more than 25% of identified enterprise security breaches will involve the Internet of Things. Yet the IoT will account for less than 10% of IT security budgets.[4] Research indicates that a majority of IoT devices, such as SCADA systems, medical devices, critical infrastructure components, smart meters, and appliances, have insufficient security mechanisms. Furthermore, less than one-third use encryption to protect vital systems and safeguard the data coursing through their networks.[5] Poor communication between IT teams and the low priority accorded to securing IoT data by top-level management are also proving to be major impediments to adequately safeguarding enterprise IoT environments (see Figure 2).[6]
ENTERPRISE IOT SECURITY CHALLENGES
The very nature of IoT infrastructures poses numerous challenges to companies securing their IoT installations:
Device & Infrastructure Vulnerabilities
Because IoT infrastructures rely on both physical and virtual components, risks and vulnerabilities are compounded. This can overwhelm security administrators. Most IoT devices typically operate outside organizational firewalls, yet connect directly to companies’ internal networks and applications – significantly increasing their vulnerability by extending the attack surface (i.e., the number of unprotected devices that attackers can target). Unprotected IoT devices in a network can be converted into bots by attackers, then used to attack third-party systems and extract data from communication channels.[7] Gartner says that security vendors will be challenged to provide usable IoT security features because of the limited assigned budgets for IoT, and organizations’ decentralized approach to early IoT implementations.[8]
IoT devices are predominantly single-purpose tools; their function is governed by sensors and the types of data they bring into an enterprise. Unlike their more evolved IT counterparts (smartphones, desktops, and portable computers), IoT devices’ processing and storage capacity is strictly for functional purposes, and not intended to handle heavy-duty computing tasks, such as encryption, unless absolutely necessary (see Figure 3). Otherwise, the devices become easy targets for potential hackers looking for the weakest link in the enterprise (see Figure 4).[9]
As they evolve, IoT devices are expected to take on more complex tasks related to data collection, communication, and analysis, which will enhance their autonomous decision-making capabilities.[10] Yet if left unprotected and without sufficient security controls, they will become the target of choice for attackers looking to steal raw and processed data (see Figure 5). The ease and effort involved in rectifying this issue is directly proportional to the distance between the “break-in” point and the edge device – the entryway to enterprise networks, and where data collection takes place, followed by data analysis, policy decisions, communications, and applications.

Which of the Following Do You Believe Will be Your Organization’s One or Two Biggest Challenges Around IoT security?
| Challenge | Respondents |
| --- | --- |
| IT and OT Functions Working Together – Example: Technology | 41% |
| Acknowledging IoT Devices – They are around and need to be secured | 34% |
| Allocating Budget for Security for IoT Devices | 34% |
| Solution Availability – Which are industry appropriate | 27% |
| Lack of Personal Resources | 25% |
| Others | 4% |
Figure 2
Source: Forescout, 2016

Top IoT Vulnerabilities
1 Unsecured Web Interface
2 Insufficient Authentication/Authorization
3 Unsecured Network Services
4 Lack of Transport Encryption/Integrity Verification
5 Privacy Concerns
6 Unsecured Cloud Interface
7 Unsecured Mobile Interface
8 Insufficient Security Configurability
9 Unsecured Software/Firmware
10 Poor Physical Security
Figure 3
Source: www.owasp.org

Percentage of Devices Vulnerable to Cyber-Penetration
| Finding | Devices |
| --- | --- |
| Failed to require adequate password protection | 80% |
| Raised serious privacy concerns | 80% |
| Enabled hackers to identify user accounts | 70% |
| Did not encrypt data to the Internet or local network | 70% |
| Did not use encryption when downloading software | 60% |
Figure 4
Source: Hewlett Packard Enterprise Security Research, 2015 via Economist.
Devices came from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers. All devices used mobile connections, and the majority were connected to a cloud service.

Risks Increase as the IoT Matures
Phase: Dumb Basic Smart Semi-Autonomous Fully Autonomous
Data Collection: No Data; No-Risk Data; Moderate-Risk Data; High-Risk Data
Data Analysis: No Analysis; No Analysis; Cloud Analysis; Cloud + On-Device
Decision Making: No Decisions; Human-Controlled; Cloud-Based; Cloud + On-Device
Communications: No Communications; Cloud Read; Cloud Read Write; Machine-to-Machine
Potential Impact: Limited; Moderate; High; Critical
Figure 5
Source: Forrester and Cloudera
Software Heterogeneity
By design, an IoT infrastructure establishes multiple connections – numbering in the billions – between things, people, and other entities. Managing user permissions for these relationships is already a major challenge. Each IoT device comes with unique, manufacturer-supplied software and services, which can expose gaps in privacy, security, compliance, and transparency. These vulnerabilities are not only difficult to detect, they’re hard to resolve. Also, given these devices’ limited processing power and storage, running them on old and often unpatched operating systems only increases risk.
Software heterogeneity is evident in the variety of protocols currently used by companies in industries that focus more on functionality than security. For example, the Z-Wave protocol applies more to home automation and radio frequency-type devices, while MQTT or AMQP protocols are more suited to middleware for enterprise-grade devices. Since the identity of a device is the focal point of IoT security challenges, standardizing protocols and applications for industries and contexts is a fundamental requirement when handling this level of diversity.
Poor Visibility & Monitoring
Securing any network requires that connected devices be visible and manageable. Yet when it comes to the Internet of Things, many organizations fail to extend their security policies to IoT devices or gateways connected to home networks.[11] Surprisingly, a 2014 study by Tripwire and Atomik Research reveals that a majority of employees who work in industries with critical infrastructures routinely access company documents and e-mail from home, and on average had 11 IoT devices connected to their home networks.[12] A survey conducted by ForeScout[13] found that half of the IT professionals surveyed lacked the ability to see, manage, and control the IoT devices connected in their network. This is largely due to the erratic adoption of available protocols and proprietary customizations – rendering devices even more vulnerable.
The challenge is to develop a consistent policy for exchanging and handling data securely within and across devices – from discovery to authentication. Single-purpose devices tie themselves to their respective provider apps or cloud platforms, while general-purpose devices typically lack the ability to improvise or integrate a common authentication or policy-management solution to monitor them.
SECURING AN ENTERPRISE IoT NETWORK
Organizations must understand the extent to which IoT networks, related infrastructures, and ecosystems can evolve. Looking through the security prism at a high level, enterprises fall into two broad categories:
•	 Those that have already implemented commercial IoT solutions/vendor products, with potential limitations concerning the level of security supported natively by underlying solutions.
•	 Those that take the opportunity to engineer or integrate an IoT solution/platform with the intent to potentially incorporate industry standards or risk-driven security features into their IoT solutions or supporting ecosystem.
The following recommendations can help companies decide where they stand in terms of IoT security, and what they need to do going forward.
Review the Security of Existing IoT Solutions
Companies that have already implemented an IoT solution should undergo an independent review to determine the resilience of their existing IoT environment. This requires them to:
•	 Perform threat modeling at each security layer, including devices, gateways, and the connected cloud/IT infrastructure.
•	 Gather insights from the threat modeling; perform a tailored penetration test to assess vulnerabilities at each layer. The choice of static or dynamic analysis can be based on the availability of code.[14]
•	 Review common attack surfaces, such as the communication protocol, authentication between endpoints, fail-safe devices, and the exposures associated with the hosting infrastructure, such as the gateways.
•	 Enumerate attack routes, such as physical access points, communication channels, connecting applications, interfaces, and consuming services. Figure 6 illustrates this point using two common industries: utilities (smart meters) and automotive (connected cars) as examples. This assessment should be tailored to each attack point in the respective layers.
Enumerate Attack Routes
| Attack Points | Smart Meters | Connected Cars |
| --- | --- | --- |
| Physical Access | Disassembling to gain access to electronic components, communication buses | Access to CAN/LIN networks; access through OBD connectors |
| Communication Channels | Zigbee, Zwave, 6LowPAN | 3G/4G, Wifi, BLE, Satellite Radio, RBDS |
| Connecting Applications, Interfaces | Metering and control applications, mobile applications | Mobile apps, media players, iPod, AUX, USB, SD cards |
| Consuming Services | Web services, RESTful APIs, cloud/data aggregation IOT platforms | Vendor platforms, open platforms (maps, navigation, weather) |
Figure 6
Source: Cognizant

Embed Security Throughout the Lifecycle
Organizations betting heavily on an IoT solution/appliance can improve their odds of success by focusing on security from the ideation stage. This can be done with a thoughtfully considered set of alternatives for authentication, data management, and control, keeping in mind the context of the IoT devices’ physical operating boundaries, as well as the dependencies and independent factors governing them. This inside-out approach should consider the following parameters:
•	 Secure boot and hardware-based security controls: The choice of microcontroller; the possibility of having trusted platform modules for segregating secure operations; the use of specialized security chips/coprocessors; and the application of cryptographic modules in line with standards such as FIPS 140-2[15] to determine the longevity of a design and the resilience of the finished product over time.
•	 Device authentication and secure data management: The sophistication of authentication mechanisms is largely related to the choice of hardware and specifications. Authentication form factors (shared keys, user name/passwords, certificates, etc.) and current protocols (CoAP,[16] Z-Wave,[17] Bluetooth, etc.) are consolidating. Enterprises should develop strong device identification and authentication processes to ensure that only authenticated IoT devices are integrated with their centralized network. Extending this further, companies should ensure that devices have authorization restrictions and use encryption to secure code and data. Organizations should limit the data they collect and retain, and dispose of it once they no longer need it, since unprotected data can provide attackers with ways to jeopardize IoT networks. Placing data defenses near data sources will help reduce/eliminate the risks emanating from compromised data.
•	 Policy framework for governance: A sound governance policy is critical for effectively managing devices, people, information, and other entities within an IoT environment. Device binaries should include signatures that identify them to a common gateway policy engine, and govern the devices throughout their lifecycle – from registration, to key management, OTA, and data communication across the enterprise. Protocols such as OAuth2[18] should be used as guidelines for securely sharing information.
•	 Secure OTA updates: Performing OTA (over-the-air) updates is one of the most challenging elements of a robust product/solution. The process involves three distinct phases: secure production of the OTA bits, secure transport, and updating the bits on the target device. Updating binaries should take into account practical challenges, such as network bandwidth, security of the adopted channels (open, proprietary), and the time it will take to complete an update. Secure OTA binaries can employ basic Public Key Cryptographic Standards (PKCS) for secure packaging and messaging. This is key, since updated endpoint security software is necessary to keep IoT devices from being compromised.
•	 Secure remote access: Malicious attackers often target the most obvious vulnerabilities – weak admin credentials, open ports, and unpatched operating systems – to gain remote access. Companies should focus on improving the resilience of these assets by carefully considering and strengthening their communication protocols, key management (and rotation) strategy, and their ability to restore a compromised device to an uncompromised state in the event of a security breach.
•	 Fail Safe/Self-Awareness: Enterprises should consider both external and extraneous factors such as weather and human actions (deliberate or inadvertent), which add dimensions to conventional threat modeling. Equipping IoT devices with contextual intelligence helps in building self-awareness. This oft-repeated software design principle comes in very handy in the connected world, particularly since the context imposed on these devices is far more demanding than that of a typical software system. While advanced machine learning and artificial intelligence are still not commonplace, improvements in processing power and protocol standardization enable devices to fail safely and in context.
•	 Layered security design: Finally, organizations should deploy security at all layers of IoT interactions, such as the device, app, and network layer (see Figure 7). Enterprise IoT security can be bolstered by using multiple layers of security, including security protocols, authentication/encryption, intrusion detection/prevention systems, and firewalls. Positioning security mechanisms at each layer helps protect the overall network with safeguards at the device layer, ensures the integrity and security of data in transit over public communication networks, and secures data in the cloud.
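The device-side half of the secure OTA update item above, together with its fail-safe requirement, can be shown in a short sketch. This is an added example, not code from the report: the manifest fields, device model names, keys and firmware bytes are constructed, and HMAC-SHA256 from the Python standard library stands in for the public-key (PKCS) signature the text mentions so that the sketch runs offline.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC is a standard-library stand-in for the vendor's
# public-key (PKCS-style) signature, so that the example runs offline.
DEMO_KEY = b"constructed-demo-key"


def _canonical(manifest):
    """Serialize the manifest deterministically so both sides tag identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def build_package(firmware, version, model, key):
    """Phase 1, secure production: bind image digest, size, version and target model."""
    manifest = {
        "model": model,
        "version": version,
        "size": len(firmware),
        "sha256": hashlib.sha256(firmware).hexdigest(),
    }
    tag = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return {"manifest": manifest, "tag": tag, "firmware": firmware}


class Device:
    """Phase 3, update on the target: verify first, switch images last."""

    def __init__(self, model, version, firmware, key):
        self.model, self.version, self.firmware, self._key = model, version, firmware, key

    def apply_update(self, package):
        """Return a status string; on any rejection the running image is untouched."""
        manifest = package.get("manifest")
        tag = package.get("tag")
        firmware = package.get("firmware")
        if not (isinstance(manifest, dict) and isinstance(tag, str)
                and isinstance(firmware, bytes)):
            return "rejected: malformed package"
        try:
            expected = hmac.new(self._key, _canonical(manifest), hashlib.sha256).hexdigest()
            supplied = tag.encode()
        except (TypeError, ValueError):
            return "rejected: malformed package"
        # Constant-time comparison of the authentication tag.
        if not hmac.compare_digest(expected.encode(), supplied):
            return "rejected: bad authentication tag"
        if manifest.get("model") != self.model:
            return "rejected: wrong device model"
        version = manifest.get("version")
        # Anti-rollback: only strictly newer versions are accepted.
        if not isinstance(version, int) or version <= self.version:
            return "rejected: rollback or replay"
        if (len(firmware) != manifest.get("size")
                or hashlib.sha256(firmware).hexdigest() != manifest.get("sha256")):
            return "rejected: image does not match manifest"
        self.firmware, self.version = firmware, version
        return "installed"


def demo():
    """Run constructed packages through one device and report each outcome."""
    dev = Device("meter-x1", 3, b"image-v3", DEMO_KEY)
    good = build_package(b"image-v4", 4, "meter-x1", DEMO_KEY)
    altered = dict(good, firmware=b"image-v4-altered")  # changed in transit (phase 2)
    wrong_key = build_package(b"image-v9", 9, "meter-x1", b"some-other-key")
    older = build_package(b"image-v2", 2, "meter-x1", DEMO_KEY)
    other_model = build_package(b"image-v4", 4, "camera-y2", DEMO_KEY)
    outcomes = [dev.apply_update(p) for p in (altered, wrong_key, older, other_model)]
    state_after_rejections = (dev.version, dev.firmware)
    outcomes.append(dev.apply_update(good))
    outcomes.append(dev.apply_update(good))  # same package replayed
    return outcomes, state_after_rejections, (dev.version, dev.firmware)


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

With a real public-key signature the device stores only the verification key, so reading a key out of one device does not let anyone produce packages that other devices accept.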
Security at Multiple Layers of IOT Interactions
Security in Every Layer
| Layer | Control | Description |
| --- | --- | --- |
| Device Layer | Secure booting | Authenticity and integrity of software on the device. |
| Device Layer | Device Authentication | Machine authentication allows a device to access networks based on credentials from a secured storage area. |
| App Layer | Access Control | Mandatory Access Control (MAC) or Role Based Access Control (RBAC) to ensure minimal access limited to a component. |
| App Layer | App Data | Integrity and confidentiality of application data. |
| Network Layer | Firewalling and IPS | Industry-specific protocol filtering and deep packet inspection capabilities are needed to identify malicious payloads hiding in non-IT protocols. |
| Network Layer | Security Information & Event Monitoring (SIEM) | Integration with network management and event correlation products. |
| Network Layer | Signaling Integrity | Ensuring the signal quality between various devices. |
| Network Layer | Datagram & Signaling Confidentiality | Maintaining UDP and electrical communication confidentiality. |
Figure 7
Cognizant
[Diagram: Device Layer (Secure Booting, Device Authentication, Device Integrity); App Layer (Access Control, App Data Integrity, App Data Confidentiality); Network Layer (Signaling Integrity, Datagram & Signaling Confidentiality, SIEM, Network Authentication)]
GETTING THERE
The Internet of Things promises to change the way enterprises operate, communicate, and compete.
Yet along with their many advantages, IoT environments are highly visible and vulnerable to security
breaches at various layers. To prevent and deflect these intrusions, companies must build in security
from the very beginning – remembering that the Internet of Things involves both physical and virtual
operating perimeters that must be properly governed and protected throughout the IoT ecosystem.
FOOTNOTES
1	 “Securing the internet of things,” April 2016, Economist Intelligence Unit and Hewlett Packard Enterprise. https://hpe-enterpriseforward.com/eiu-securing-iot/
2	 “Unlocking the potential of the Internet of Things,” McKinsey Global Institute, June, 2015. http://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/the-internet-of-things-the-value-of-digitizing-the-physical-world
3	 “Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016,” Gartner, April 25, 2016. http://www.gartner.com/newsroom/id/3291817
4	 “Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016,” Gartner, April 25, 2016. http://www.gartner.com/newsroom/id/3291817
5	 “A primer on enterprise Internet of Things security planning,” The Economist, April 12, 2016. http://samsungbusiness.economist.com/a-primer-on-enterprise-internet-of-things-security-planning/
6	 “The Internet of Things isn’t coming. It’s here.” ForeScout, June, 2016. https://www.forescout.com/wp-content/uploads/2016/06/ForeScout-Webtorials-IoT-Security-Survey-Results-June-2016.pdf
7	 “Internet of Things: Features, Challenges, and Vulnerabilities,” International Journal of Advanced Computer Science and Information Technology, Vol. 4, No. 1, 2015. https://pdfs.semanticscholar.org/ab0a/90ddd8208234e7335b1cc175b49461c2bae5.pdf
8	 “Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016,” Gartner. April 25, 2016. http://www.gartner.com/newsroom/id/3291817
9	 “Securing the internet of things,” April, 2016. Economist Intelligence Unit and Hewlett Packard Enterprise. https://hpe-enterpriseforward.com/eiu-securing-iot/
10	 “Secure IoT as It Advances through Maturity Phases,” January, 2016. Forrester and Cloudera. https://www.cloudera.com/content/dam/www/static/documents/analyst-reports/forrester-secure-iot-as-it-advances-through-maturity-phases.pdf
11	 “Survey Identifies Internet of Things (IoT) Security Challenges for the Connected Enterprise,” June 2016, ForeScout, https://www.forescout.com/company/news/press-release/survey-identifies-internet-things-iot-security-challenges-connected-enterprise/
12	 “3 Best Practices for protecting against IoT cross-contamination risks,” April, 2016. The Economist, http://samsungbusiness.economist.com/3-best-practices-for-protecting-against-iot-cross-contamination-risks/
13	 “Survey Identifies Internet of Things (IoT) Security Challenges for the Connected Enterprise,” June, 2016. ForeScout. https://www.forescout.com/company/news/press-release/survey-identifies-internet-things-iot-security-challenges-connected-enterprise/
14	 Static code analysis is done without executing any of the code; dynamic code analysis relies on studying how the code behaves during execution. September, 2010. www.computerweekly.com
15	 The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2) is a U.S. government computer security standard used to approve cryptographic modules. https://en.wikipedia.org/wiki/FIPS_140-2
16	 The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. http://coap.technology/
17	 The Z-Wave protocol is an interoperable, wireless, RF-based communications technology designed specifically for control, monitoring and status reading applications in residential and light commercial environments. http://z-wavealliance.org/about_z-wave_technology/
18	 OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. https://oauth.net/2/
19	 “Security In The Internet of Things,” 2015, Wind River Systems, Inc. https://www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf
AUTHOR & ANALYST
Aala Santhosh Reddy
Senior Researcher
Cognizant Research Center
SUBJECT MATTER EXPERT
Srinivasan Ganesh
Chief Architect – Technology
EBA-ERSS
Cognizant Corporation
© Copyright 2017, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks mentioned herein are the property of their respective owners.
TL Codex 2465
ABOUT COGNIZANT
Cognizant (NASDAQ-100: CTSH) is one of the world’s leading professional services companies, transforming clients’ business, operating and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant is ranked 230 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com or follow us @Cognizant.

How Blockchain Can Help Retailers Fight Fraud, Boost Margins and Build BrandsCognizant
 
Organizational Change Management: A Make or Break Capability for Digital Success
Organizational Change Management: A Make or Break Capability for Digital SuccessOrganizational Change Management: A Make or Break Capability for Digital Success
Organizational Change Management: A Make or Break Capability for Digital SuccessCognizant
 
Intelligent Automation: Exploring Enterprise Opportunities for Systems that D...
Intelligent Automation: Exploring Enterprise Opportunities for Systems that D...Intelligent Automation: Exploring Enterprise Opportunities for Systems that D...
Intelligent Automation: Exploring Enterprise Opportunities for Systems that D...Cognizant
 
Digital Process Acupuncture: How Small Changes Can Heal Business, and Spark B...
Digital Process Acupuncture: How Small Changes Can Heal Business, and Spark B...Digital Process Acupuncture: How Small Changes Can Heal Business, and Spark B...
Digital Process Acupuncture: How Small Changes Can Heal Business, and Spark B...Cognizant
 
Using Containers to More Effectively Manage DevOps Continuous Integration
Using Containers to More Effectively Manage DevOps Continuous IntegrationUsing Containers to More Effectively Manage DevOps Continuous Integration
Using Containers to More Effectively Manage DevOps Continuous IntegrationCognizant
 
The Chatbot Imperative: Intelligence, Personalization and Utilitarian Design
The Chatbot Imperative: Intelligence, Personalization and Utilitarian DesignThe Chatbot Imperative: Intelligence, Personalization and Utilitarian Design
The Chatbot Imperative: Intelligence, Personalization and Utilitarian DesignCognizant
 
The Blockchain Imperative: The Next Challenge for P&C Carriers
The Blockchain Imperative: The Next Challenge for P&C CarriersThe Blockchain Imperative: The Next Challenge for P&C Carriers
The Blockchain Imperative: The Next Challenge for P&C CarriersCognizant
 
Getting Digital Right
Getting Digital RightGetting Digital Right
Getting Digital RightCognizant
 
Digital Business 2020: Getting There from Here, Part II
Digital Business 2020: Getting There from Here, Part IIDigital Business 2020: Getting There from Here, Part II
Digital Business 2020: Getting There from Here, Part IICognizant
 
Beyond Omnichannel: Determining the Right Channel Mix
Beyond Omnichannel: Determining the Right Channel MixBeyond Omnichannel: Determining the Right Channel Mix
Beyond Omnichannel: Determining the Right Channel MixCognizant
 
Running at the Speed of Digital: Hyper-Digital Information Management
Running at the Speed of Digital: Hyper-Digital Information ManagementRunning at the Speed of Digital: Hyper-Digital Information Management
Running at the Speed of Digital: Hyper-Digital Information ManagementCognizant
 
Financial Services: Building Blockchain One Block at a Time
Financial Services: Building Blockchain One Block at a TimeFinancial Services: Building Blockchain One Block at a Time
Financial Services: Building Blockchain One Block at a TimeCognizant
 
People — Not Just Machines — Will Power Digital Innovation
People — Not Just Machines — Will Power Digital InnovationPeople — Not Just Machines — Will Power Digital Innovation
People — Not Just Machines — Will Power Digital InnovationCognizant
 
Asia Rising: Digital Driving
Asia Rising: Digital DrivingAsia Rising: Digital Driving
Asia Rising: Digital DrivingCognizant
 
Enterprise Application Services: Moving Business into the Digital Age
Enterprise Application Services: Moving Business into the Digital AgeEnterprise Application Services: Moving Business into the Digital Age
Enterprise Application Services: Moving Business into the Digital AgeCognizant
 
Orchestrating a Supply Chain Competitive Edge
Orchestrating a Supply Chain Competitive EdgeOrchestrating a Supply Chain Competitive Edge
Orchestrating a Supply Chain Competitive EdgeCognizant
 
Back to Basics for Communications Service Providers
Back to Basics for Communications Service ProvidersBack to Basics for Communications Service Providers
Back to Basics for Communications Service ProvidersCognizant
 

Destacado (20)

Blockchain in Manufacturing: Enhancing Trust, Cutting Costs and Lubricating P...
Blockchain in Manufacturing: Enhancing Trust, Cutting Costs and Lubricating P...Blockchain in Manufacturing: Enhancing Trust, Cutting Costs and Lubricating P...
Blockchain in Manufacturing: Enhancing Trust, Cutting Costs and Lubricating P...
 
The Rise of the Smart Product Economy
The Rise of the Smart Product EconomyThe Rise of the Smart Product Economy
The Rise of the Smart Product Economy
 
How Blockchain Can Help Retailers Fight Fraud, Boost Margins and Build Brands
How Blockchain Can Help Retailers Fight Fraud, Boost Margins and Build BrandsHow Blockchain Can Help Retailers Fight Fraud, Boost Margins and Build Brands
How Blockchain Can Help Retailers Fight Fraud, Boost Margins and Build Brands
 
Organizational Change Management: A Make or Break Capability for Digital Success
Organizational Change Management: A Make or Break Capability for Digital SuccessOrganizational Change Management: A Make or Break Capability for Digital Success
Organizational Change Management: A Make or Break Capability for Digital Success
 
Intelligent Automation: Exploring Enterprise Opportunities for Systems that D...
Intelligent Automation: Exploring Enterprise Opportunities for Systems that D...Intelligent Automation: Exploring Enterprise Opportunities for Systems that D...
Intelligent Automation: Exploring Enterprise Opportunities for Systems that D...
 
Digital Process Acupuncture: How Small Changes Can Heal Business, and Spark B...
Digital Process Acupuncture: How Small Changes Can Heal Business, and Spark B...Digital Process Acupuncture: How Small Changes Can Heal Business, and Spark B...
Digital Process Acupuncture: How Small Changes Can Heal Business, and Spark B...
 
Using Containers to More Effectively Manage DevOps Continuous Integration
Using Containers to More Effectively Manage DevOps Continuous IntegrationUsing Containers to More Effectively Manage DevOps Continuous Integration
Using Containers to More Effectively Manage DevOps Continuous Integration
 
The Chatbot Imperative: Intelligence, Personalization and Utilitarian Design
The Chatbot Imperative: Intelligence, Personalization and Utilitarian DesignThe Chatbot Imperative: Intelligence, Personalization and Utilitarian Design
The Chatbot Imperative: Intelligence, Personalization and Utilitarian Design
 
The Blockchain Imperative: The Next Challenge for P&C Carriers
The Blockchain Imperative: The Next Challenge for P&C CarriersThe Blockchain Imperative: The Next Challenge for P&C Carriers
The Blockchain Imperative: The Next Challenge for P&C Carriers
 
Getting Digital Right
Getting Digital RightGetting Digital Right
Getting Digital Right
 
Business blackout
Business blackoutBusiness blackout
Business blackout
 
Digital Business 2020: Getting There from Here, Part II
Digital Business 2020: Getting There from Here, Part IIDigital Business 2020: Getting There from Here, Part II
Digital Business 2020: Getting There from Here, Part II
 
Beyond Omnichannel: Determining the Right Channel Mix
Beyond Omnichannel: Determining the Right Channel MixBeyond Omnichannel: Determining the Right Channel Mix
Beyond Omnichannel: Determining the Right Channel Mix
 
Running at the Speed of Digital: Hyper-Digital Information Management
Running at the Speed of Digital: Hyper-Digital Information ManagementRunning at the Speed of Digital: Hyper-Digital Information Management
Running at the Speed of Digital: Hyper-Digital Information Management
 
Financial Services: Building Blockchain One Block at a Time
Financial Services: Building Blockchain One Block at a TimeFinancial Services: Building Blockchain One Block at a Time
Financial Services: Building Blockchain One Block at a Time
 
People — Not Just Machines — Will Power Digital Innovation
People — Not Just Machines — Will Power Digital InnovationPeople — Not Just Machines — Will Power Digital Innovation
People — Not Just Machines — Will Power Digital Innovation
 
Asia Rising: Digital Driving
Asia Rising: Digital DrivingAsia Rising: Digital Driving
Asia Rising: Digital Driving
 
Enterprise Application Services: Moving Business into the Digital Age
Enterprise Application Services: Moving Business into the Digital AgeEnterprise Application Services: Moving Business into the Digital Age
Enterprise Application Services: Moving Business into the Digital Age
 
Orchestrating a Supply Chain Competitive Edge
Orchestrating a Supply Chain Competitive EdgeOrchestrating a Supply Chain Competitive Edge
Orchestrating a Supply Chain Competitive Edge
 
Back to Basics for Communications Service Providers
Back to Basics for Communications Service ProvidersBack to Basics for Communications Service Providers
Back to Basics for Communications Service Providers
 

Similar a Safeguarding the Internet of Things

Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecurityCigniti Technologies Ltd
 
Security Challenges in IoT Software Development and Possible Solutions.pdf
Security Challenges in IoT Software Development and Possible Solutions.pdfSecurity Challenges in IoT Software Development and Possible Solutions.pdf
Security Challenges in IoT Software Development and Possible Solutions.pdfJPLoft Solutions
 
A Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of ThingsA Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of Thingsijsrd.com
 
Security Issues in IoT-Based Environments
Security Issues in IoT-Based EnvironmentsSecurity Issues in IoT-Based Environments
Security Issues in IoT-Based EnvironmentsIRJET Journal
 
Security Issues in IoT-Based Environments
Security Issues in IoT-Based EnvironmentsSecurity Issues in IoT-Based Environments
Security Issues in IoT-Based EnvironmentsIRJET Journal
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2   module 6 - unit 4  - v0.9 enVET4SBO Level 2   module 6 - unit 4  - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 enKarel Van Isacker
 
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...cyberprosocial
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxtjane3
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxlmelaine
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperMartin Ruubel
 
White Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked SocietyWhite Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked SocietyEricsson
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptxinfosec train
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptxInfosectrain3
 
Deep Learning and Big Data technologies for IoT Security
Deep Learning and Big Data technologies for IoT SecurityDeep Learning and Big Data technologies for IoT Security
Deep Learning and Big Data technologies for IoT SecurityIRJET Journal
 
assignment help experts
assignment help expertsassignment help experts
assignment help experts#essaywriting
 
A survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current statusA survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current statusvivatechijri
 
IRJET - Cyber Security Threats and Vulnerabilities in IoT
IRJET -  	  Cyber Security Threats and Vulnerabilities in IoTIRJET -  	  Cyber Security Threats and Vulnerabilities in IoT
IRJET - Cyber Security Threats and Vulnerabilities in IoTIRJET Journal
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxvoversbyobersby
 

Similar a Safeguarding the Internet of Things (20)

Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
 
Security Challenges in IoT Software Development and Possible Solutions.pdf
Security Challenges in IoT Software Development and Possible Solutions.pdfSecurity Challenges in IoT Software Development and Possible Solutions.pdf
Security Challenges in IoT Software Development and Possible Solutions.pdf
 
A Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of ThingsA Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of Things
 
Security Issues in IoT-Based Environments
Security Issues in IoT-Based EnvironmentsSecurity Issues in IoT-Based Environments
Security Issues in IoT-Based Environments
 
Security Issues in IoT-Based Environments
Security Issues in IoT-Based EnvironmentsSecurity Issues in IoT-Based Environments
Security Issues in IoT-Based Environments
 
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
VET4SBO Level 2   module 6 - unit 4  - v0.9 enVET4SBO Level 2   module 6 - unit 4  - v0.9 en
VET4SBO Level 2 module 6 - unit 4 - v0.9 en
 
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
 
White Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked SocietyWhite Paper: IoT Security – Protecting the Networked Society
White Paper: IoT Security – Protecting the Networked Society
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
Deep Learning and Big Data technologies for IoT Security
Deep Learning and Big Data technologies for IoT SecurityDeep Learning and Big Data technologies for IoT Security
Deep Learning and Big Data technologies for IoT Security
 
assignment help experts
assignment help expertsassignment help experts
assignment help experts
 
A survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current statusA survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current status
 
sample assignment
sample assignmentsample assignment
sample assignment
 
IRJET - Cyber Security Threats and Vulnerabilities in IoT
IRJET -  	  Cyber Security Threats and Vulnerabilities in IoTIRJET -  	  Cyber Security Threats and Vulnerabilities in IoT
IRJET - Cyber Security Threats and Vulnerabilities in IoT
 
Final Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docxFinal Research Project - Securing IoT Devices What are the Challe.docx
Final Research Project - Securing IoT Devices What are the Challe.docx
 

Más de Cognizant

Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...Cognizant
 
Data Modernization: Breaking the AI Vicious Cycle for Superior Decision-making
Data Modernization: Breaking the AI Vicious Cycle for Superior Decision-makingData Modernization: Breaking the AI Vicious Cycle for Superior Decision-making
Data Modernization: Breaking the AI Vicious Cycle for Superior Decision-makingCognizant
 
It Takes an Ecosystem: How Technology Companies Deliver Exceptional Experiences
It Takes an Ecosystem: How Technology Companies Deliver Exceptional ExperiencesIt Takes an Ecosystem: How Technology Companies Deliver Exceptional Experiences
It Takes an Ecosystem: How Technology Companies Deliver Exceptional ExperiencesCognizant
 
Intuition Engineered
Intuition EngineeredIntuition Engineered
Intuition EngineeredCognizant
 
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...Cognizant
 
Enhancing Desirability: Five Considerations for Winning Digital Initiatives
Enhancing Desirability: Five Considerations for Winning Digital InitiativesEnhancing Desirability: Five Considerations for Winning Digital Initiatives
Enhancing Desirability: Five Considerations for Winning Digital InitiativesCognizant
 
The Work Ahead in Manufacturing: Fulfilling the Agility Mandate
The Work Ahead in Manufacturing: Fulfilling the Agility MandateThe Work Ahead in Manufacturing: Fulfilling the Agility Mandate
The Work Ahead in Manufacturing: Fulfilling the Agility MandateCognizant
 
The Work Ahead in Higher Education: Repaving the Road for the Employees of To...
The Work Ahead in Higher Education: Repaving the Road for the Employees of To...The Work Ahead in Higher Education: Repaving the Road for the Employees of To...
The Work Ahead in Higher Education: Repaving the Road for the Employees of To...Cognizant
 
Engineering the Next-Gen Digital Claims Organisation for Australian General I...
Engineering the Next-Gen Digital Claims Organisation for Australian General I...Engineering the Next-Gen Digital Claims Organisation for Australian General I...
Engineering the Next-Gen Digital Claims Organisation for Australian General I...Cognizant
 
Profitability in the Direct-to-Consumer Marketplace: A Playbook for Media and...
Profitability in the Direct-to-Consumer Marketplace: A Playbook for Media and...Profitability in the Direct-to-Consumer Marketplace: A Playbook for Media and...
Profitability in the Direct-to-Consumer Marketplace: A Playbook for Media and...Cognizant
 
Green Rush: The Economic Imperative for Sustainability
Green Rush: The Economic Imperative for SustainabilityGreen Rush: The Economic Imperative for Sustainability
Green Rush: The Economic Imperative for SustainabilityCognizant
 
Policy Administration Modernization: Four Paths for Insurers
Policy Administration Modernization: Four Paths for InsurersPolicy Administration Modernization: Four Paths for Insurers
Policy Administration Modernization: Four Paths for InsurersCognizant
 
The Work Ahead in Utilities: Powering a Sustainable Future with Digital
The Work Ahead in Utilities: Powering a Sustainable Future with DigitalThe Work Ahead in Utilities: Powering a Sustainable Future with Digital
The Work Ahead in Utilities: Powering a Sustainable Future with DigitalCognizant
 
AI in Media & Entertainment: Starting the Journey to Value
AI in Media & Entertainment: Starting the Journey to ValueAI in Media & Entertainment: Starting the Journey to Value
AI in Media & Entertainment: Starting the Journey to ValueCognizant
 
Operations Workforce Management: A Data-Informed, Digital-First Approach
Operations Workforce Management: A Data-Informed, Digital-First ApproachOperations Workforce Management: A Data-Informed, Digital-First Approach
Operations Workforce Management: A Data-Informed, Digital-First ApproachCognizant
 
Five Priorities for Quality Engineering When Taking Banking to the Cloud
Five Priorities for Quality Engineering When Taking Banking to the CloudFive Priorities for Quality Engineering When Taking Banking to the Cloud
Five Priorities for Quality Engineering When Taking Banking to the CloudCognizant
 
Getting Ahead With AI: How APAC Companies Replicate Success by Remaining Focused
Getting Ahead With AI: How APAC Companies Replicate Success by Remaining FocusedGetting Ahead With AI: How APAC Companies Replicate Success by Remaining Focused
Getting Ahead With AI: How APAC Companies Replicate Success by Remaining FocusedCognizant
 
Crafting the Utility of the Future
Crafting the Utility of the FutureCrafting the Utility of the Future
Crafting the Utility of the FutureCognizant
 
Utilities Can Ramp Up CX with a Customer Data Platform
Utilities Can Ramp Up CX with a Customer Data PlatformUtilities Can Ramp Up CX with a Customer Data Platform
Utilities Can Ramp Up CX with a Customer Data PlatformCognizant
 
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...Cognizant
 

Más de Cognizant (20)

Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
Using Adaptive Scrum to Tame Process Reverse Engineering in Data Analytics Pr...
 
Data Modernization: Breaking the AI Vicious Cycle for Superior Decision-making
Data Modernization: Breaking the AI Vicious Cycle for Superior Decision-makingData Modernization: Breaking the AI Vicious Cycle for Superior Decision-making
Data Modernization: Breaking the AI Vicious Cycle for Superior Decision-making
 
It Takes an Ecosystem: How Technology Companies Deliver Exceptional Experiences
It Takes an Ecosystem: How Technology Companies Deliver Exceptional ExperiencesIt Takes an Ecosystem: How Technology Companies Deliver Exceptional Experiences
It Takes an Ecosystem: How Technology Companies Deliver Exceptional Experiences
 
Intuition Engineered
Intuition EngineeredIntuition Engineered
Intuition Engineered
 
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...
The Work Ahead: Transportation and Logistics Delivering on the Digital-Physic...
 
Enhancing Desirability: Five Considerations for Winning Digital Initiatives
Enhancing Desirability: Five Considerations for Winning Digital InitiativesEnhancing Desirability: Five Considerations for Winning Digital Initiatives
Enhancing Desirability: Five Considerations for Winning Digital Initiatives
 
The Work Ahead in Manufacturing: Fulfilling the Agility Mandate
The Work Ahead in Manufacturing: Fulfilling the Agility MandateThe Work Ahead in Manufacturing: Fulfilling the Agility Mandate
The Work Ahead in Manufacturing: Fulfilling the Agility Mandate
 
The Work Ahead in Higher Education: Repaving the Road for the Employees of To...
The Work Ahead in Higher Education: Repaving the Road for the Employees of To...The Work Ahead in Higher Education: Repaving the Road for the Employees of To...
The Work Ahead in Higher Education: Repaving the Road for the Employees of To...
 
Engineering the Next-Gen Digital Claims Organisation for Australian General I...
Engineering the Next-Gen Digital Claims Organisation for Australian General I...Engineering the Next-Gen Digital Claims Organisation for Australian General I...
Engineering the Next-Gen Digital Claims Organisation for Australian General I...
 
Profitability in the Direct-to-Consumer Marketplace: A Playbook for Media and...
Profitability in the Direct-to-Consumer Marketplace: A Playbook for Media and...Profitability in the Direct-to-Consumer Marketplace: A Playbook for Media and...
Profitability in the Direct-to-Consumer Marketplace: A Playbook for Media and...
 
Green Rush: The Economic Imperative for Sustainability
Green Rush: The Economic Imperative for SustainabilityGreen Rush: The Economic Imperative for Sustainability
Green Rush: The Economic Imperative for Sustainability
 
Policy Administration Modernization: Four Paths for Insurers
Policy Administration Modernization: Four Paths for InsurersPolicy Administration Modernization: Four Paths for Insurers
Policy Administration Modernization: Four Paths for Insurers
 
The Work Ahead in Utilities: Powering a Sustainable Future with Digital
The Work Ahead in Utilities: Powering a Sustainable Future with DigitalThe Work Ahead in Utilities: Powering a Sustainable Future with Digital
The Work Ahead in Utilities: Powering a Sustainable Future with Digital
 
AI in Media & Entertainment: Starting the Journey to Value
AI in Media & Entertainment: Starting the Journey to ValueAI in Media & Entertainment: Starting the Journey to Value
AI in Media & Entertainment: Starting the Journey to Value
 
Operations Workforce Management: A Data-Informed, Digital-First Approach
Operations Workforce Management: A Data-Informed, Digital-First ApproachOperations Workforce Management: A Data-Informed, Digital-First Approach
Operations Workforce Management: A Data-Informed, Digital-First Approach
 
Five Priorities for Quality Engineering When Taking Banking to the Cloud
Five Priorities for Quality Engineering When Taking Banking to the CloudFive Priorities for Quality Engineering When Taking Banking to the Cloud
Five Priorities for Quality Engineering When Taking Banking to the Cloud
 
Getting Ahead With AI: How APAC Companies Replicate Success by Remaining Focused
Getting Ahead With AI: How APAC Companies Replicate Success by Remaining FocusedGetting Ahead With AI: How APAC Companies Replicate Success by Remaining Focused
Getting Ahead With AI: How APAC Companies Replicate Success by Remaining Focused
 
Crafting the Utility of the Future
Crafting the Utility of the FutureCrafting the Utility of the Future
Crafting the Utility of the Future
 
Utilities Can Ramp Up CX with a Customer Data Platform
Utilities Can Ramp Up CX with a Customer Data PlatformUtilities Can Ramp Up CX with a Customer Data Platform
Utilities Can Ramp Up CX with a Customer Data Platform
 
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...
The Work Ahead in Intelligent Automation: Coping with Complexity in a Post-Pa...
 

Safeguarding the Internet of Things

  • 1. Cognizant Reports | May 2017. Safeguarding the Internet of Things. While the Internet of Things promises real-time operational benefits, vulnerabilities can be easily exploited unless security is embedded from the inside out – from conception, deployment, and maintenance, to the network edge and across connected devices and infrastructures.
  • 2. EXECUTIVE SUMMARY. The rapid growth of the Internet of Things (IoT) has left enterprise networks and IoT devices extremely vulnerable to security breaches. Although this threat looms large for companies deploying IoT applications and infrastructures, most organizations’ security budgets do not account for securing their IoT subnetworks. That’s because current IoT devices and infrastructures are not equipped to avert today’s sophisticated attack methods. The heterogenous nature of device software, insufficient monitoring, and a lack of visibility into IoT devices only add to the complexity of safeguarding enterprise IoT ecosystems. At the same time, investing in highly secure IoT-based infrastructure can deliver a range of significant benefits, including: • Higher revenues from new business models. • Lower operational costs through optimized processes and seamless business operations. • Immediate access to clean, meaningful, and highly accurate data. • A superior user experience. To develop such an infrastructure, organizations need to build in security at every stage – from application conception and design, to deployment, operations, maintenance, upgrades, and retirement. Companies that have already implemented an IoT solution can consider an outside-in approach by undergoing an independent review of their infrastructure that includes: • Threat modeling across all security layers. • Tailored penetration testing and vulnerability assessment. • Review of common attack surface areas.
  • 3. Organizations that want to identify vulnerabilities and improve their security stance from the beginning should consider an inside-out approach that focuses on ensuring that key elements are embedded in their IoT solution:
      • Secure boot and hardware-based security controls.
      • Device authentication and secure data management.
      • A policy framework for governance.
      • Secure, over-the-air (OTA) updates.
      • Secure remote access.
      • Fail safe/self-awareness.
      • A layered security design.
  • 4. THE STATE OF IOT SECURITY
    The Internet of Things (IoT) is growing at a stunning pace – expected to account for 28.1 billion connected devices by 2020 (see Figure 1).[1] From an economic standpoint, linking the physical and digital worlds could generate up to $11.1 trillion a year by 2025.[2] Organizations that are using or plan to use the IoT will have to ensure that all IoT devices connected to their networks are highly secure; otherwise, they can be a potential entry point for network intrusions.
    Figure 1: Projected Number of IoT Connected Devices: 2015-2020 (billions). Source: IDC, Worldwide and Regional IoT Forecasts, 2015 via Economist
      2015: 13.1 | 2016: 16.3 | 2017: 19.2 | 2018: 22.2 | 2019: 25.2 | 2020: 28.1
    According to Gartner, spending on IoT security is expected to reach $547 million in 2018,[3] almost double the $281.54 billion expended in 2015. Gartner also predicts that by 2020 more than 25% of identified enterprise security breaches will involve the Internet of Things. Yet the IoT will account for less than 10% of IT security budgets.[4]
    Research indicates that a majority of IoT devices, such as SCADA systems, medical devices, critical infrastructure components, smart meters, and appliances, have insufficient security mechanisms. Furthermore, less than one-third use encryption to protect vital systems and safeguard the data coursing through their networks.[5] Poor communication between IT teams and the low priority accorded to securing IoT data by top-level management are also proving to be major impediments to adequately safeguarding enterprise IoT environments (see Figure 2, next page).[6]
  • 5. ENTERPRISE IOT SECURITY CHALLENGES
    The very nature of IoT infrastructures poses numerous challenges to companies securing their IoT installations:
    Device & Infrastructure Vulnerabilities
    Because IoT infrastructures rely on both physical and virtual components, risks and vulnerabilities are compounded. This can overwhelm security administrators. Most IoT devices typically operate outside organizational firewalls, yet connect directly to companies’ internal networks and applications – significantly increasing their vulnerability by extending the attack surface (i.e., the number of unprotected devices that attackers can target). Unprotected IoT devices in a network can be converted into bots by attackers, then used to attack third-party systems and extract data from communication channels.[7]
    Gartner says that security vendors will be challenged to provide usable IoT security features because of the limited assigned budgets for IoT, and organizations’ decentralized approach to early IoT implementations.[8]
    Figure 2: Which of the Following Do You Believe Will be Your Organization’s One or Two Biggest Challenges Around IoT security? Source: Forescout, 2016
      41% | IT and OT Functions Working Together – Example: Technology
      34% | Acknowledging IoT Devices – They are around and need to be secured
      34% | Allocating Budget for Security for IoT Devices
      27% | Solution Availability – Which are industry appropriate
      25% | Lack of Personal Resources
      4% | Others
    Figure 3: Top IoT Vulnerabilities. Source: www.owasp.org
      1 | Unsecured Web Interface
      2 | Insufficient Authentication/Authorization
      3 | Unsecured Network Services
      4 | Lack of Transport Encryption/Integrity Verification
      5 | Privacy Concerns
      6 | Unsecured Cloud Interface
      7 | Unsecured Mobile Interface
      8 | Insufficient Security Configurability
      9 | Unsecured Software/Firmware
      10 | Poor Physical Security
    IoT devices are predominantly single-purpose tools; their function is governed by sensors and the types of data they bring into an enterprise. Unlike their more evolved IT counterparts (smartphones, desktops, and portable computers), IoT devices’ processing and storage capacity is strictly for functional purposes, and not intended to handle heavy-duty computing tasks, such as encryption, unless absolutely necessary (see Figure 3). Otherwise, the devices become easy
  • 6. targets for potential hackers looking for the weakest link in the enterprise (see Figure 4).[9]
    Figure 4: Percentage of Devices Vulnerable to Cyber-Penetration. Source: Hewlett Packard Enterprise Security Research, 2015 via Economist. Devices came from manufacturers of TVs, webcams, home thermostats, remote power outlets, sprinkler controllers, hubs for controlling multiple devices, door locks, home alarms, scales and garage door openers. All devices used mobile connections, and the majority were connected to a cloud service.
      80% | Failed to require adequate password protection
      80% | Raised serious privacy concerns
      70% | Enabled hackers to identify user accounts
      70% | Did not encrypt data to the Internet or local network
      60% | Did not use encryption when downloading software
    Figure 5: Risks Increase as the IoT Matures. Source: Forrester and Cloudera
      Function | Dumb | Basic Smart | Semi-Autonomous | Fully Autonomous
      Data Collection | No Data | No-Risk Data | Moderate-Risk Data | High-Risk Data
      Data Analysis | No Analysis | No Analysis | Cloud Analysis | Cloud + On-Device
      Decision Making | No Decisions | Human-Controlled | Cloud-Based | Cloud + On-Device
      Communications | No Communications | Cloud Read | Cloud Read Write | Machine-to-Machine
      Potential Impact | Limited | Moderate | High | Critical
    As they evolve, IoT devices are expected to take on more complex tasks related to data collection, communication, and analysis, which will enhance their autonomous decision-making capabilities.[10] Yet if left unprotected and without sufficient security controls, they will become the target of choice for attackers looking to steal raw and processed data (see Figure 5). The ease and effort involved in rectifying this issue
  • 7. is directly proportional to the distance between the “break-in” point and the edge device – the entryway to enterprise networks, and where data collection takes place, followed by data analysis, policy decisions, communications, and applications.
    Software Heterogeneity
    By design, an IoT infrastructure establishes multiple connections – numbering in the billions – between things, people, and other entities. Managing user permissions for these relationships is already a major challenge. Each IoT device comes with unique, manufacturer-supplied software and services, which can expose gaps in privacy, security, compliance, and transparency. These vulnerabilities are not only difficult to detect, they’re hard to resolve. Also, given these devices’ limited processing power and storage, running them on old and often unpatched operating systems only increases risk.
    Software heterogeneity is evident in the variety of protocols currently used by companies in industries that focus more on functionality than security. For example, the z-wave protocol applies more to home automation and radio frequency-type devices, while MQTT or AMQP protocols are more suited to middleware for enterprise-grade devices. Since the identity of a device is the focal point of IoT security challenges, standardizing protocols and applications for industries and contexts is a fundamental requirement when handling this level of diversity.
    Poor Visibility & Monitoring
    Securing any network requires that connected devices be visible and manageable. Yet when it comes to the Internet of Things, many organizations fail to extend their security policies to IoT devices or gateways connected to home networks.[11] Surprisingly, a 2014 study by Tripwire and Atomik Research reveals that a majority of employees who work in industries with critical infrastructures routinely access company documents and e-mail from home, and on average had 11 IoT devices connected to their home networks.[12]
    A survey conducted by ForeScout[13] found that half of the IT professionals surveyed lacked the ability to see, manage, and control the IoT devices connected in their network. This is largely due to the erratic adoption of available protocols and proprietary customizations – rendering devices even more vulnerable.
    The challenge is to develop a consistent policy for exchanging and handling data securely within and across devices – from discovery to authentication. Single-purpose devices tie themselves to their respective provider apps or cloud platforms, while general-purpose devices typically lack the ability to improvise or integrate a common authentication or policy-management solution to monitor them.
    SECURING AN ENTERPRISE IoT NETWORK
    Organizations must understand the extent to which IoT networks, related infrastructures, and ecosystems can evolve. Looking through the
  • 8. security prism at a high level, enterprises fall into two broad categories:
      • Those that have already implemented commercial IoT solutions/vendor products, with potential limitations concerning the level of security supported natively by underlying solutions.
      • Those that take the opportunity to engineer or integrate an IoT solution/platform with the intent to potentially incorporate industry standards or risk-driven security features into their IoT solutions or supporting ecosystem.
    The following recommendations can help companies decide where they stand in terms of IoT security, and what they need to do going forward.
    Review the Security of Existing IoT Solutions
    Companies that have already implemented an IoT solution should undergo an independent review to determine the resilience of their existing IoT environment. This requires them to:
      • Perform threat modeling at each security layer, including devices, gateways, and the connected cloud/IT infrastructure.
      • Gather insights from the threat modeling; perform a tailored penetration test to assess vulnerabilities at each layer. The choice of static or dynamic analysis can be based on the availability of code.[14]
      • Review common attack surfaces, such as the communication protocol, authentication between endpoints, fail-safe devices, and the exposures associated with the hosting infrastructure, such as the gateways.
      • Enumerate attack routes, such as physical access points, communication channels, connecting applications, interfaces, and consuming services. Figure 6 illustrates this point using two common industries: utilities (smart meters) and automotive (connected cars) as examples. This assessment should be tailored to each attack point in the respective layers.
    Figure 6: Enumerate Attack Routes. Source: Cognizant
      Attack Points | Smart Meters | Connected Cars
      Physical Access | Disassembling to gain access to electronic components, communication buses | Access to CAN/LIN networks; access through OBD connectors
      Communication Channels | Zigbee, Zwave, 6LowPAN | 3G/4G, Wifi, BLE, Satellite Radio, RBDS
      Connecting Applications, Interfaces | Metering and control applications, mobile applications | Mobile apps, media players, iPod, AUX, USB, SD cards
      Consuming Services | Web services, RESTful APIs, cloud/data aggregation IOT platforms | Vendor platforms, open platforms (maps, navigation, weather)
    Embed Security Throughout the Lifecycle
    Organizations betting heavily on an IoT solution/appliance can improve their odds of success by focusing on security from the ideation stage. This can be done with a thoughtfully considered set of alternatives for authentication, data management, and control, keeping in mind the context
  • 9. of the IoT devices’ physical operating boundaries, as well as the dependencies and independent factors governing them. This inside-out approach should consider the following parameters:
      • Secure boot and hardware-based security controls: The choice of microcontroller; the possibility of having trusted platform modules for segregating secure operations; the use of specialized security chips/coprocessors; and the application of cryptographic modules in line with standards such as FIPS 140-2[15] to determine the longevity of a design and the resilience of the finished product over time.
      • Device authentication and secure data management: The sophistication of authentication mechanisms is largely related to the choice of hardware and specifications. Authentication form factors (shared keys, user name/passwords, certificates, etc.) and current protocols (CoAP,[16] ZWave,[17] Bluetooth, etc.) are consolidating. Enterprises should develop strong device identification and authentication processes to ensure that only authenticated IoT devices are integrated with their centralized network. Extending this further, companies should ensure that devices have authorization restrictions and use encryption to secure code and data. Organizations should limit the data they collect and retain, and dispose of it once they no longer need it, since unprotected data can provide attackers with ways to jeopardize IoT networks. Placing data defenses near data sources will help reduce/eliminate the risks emanating from compromised data.
      • Policy framework for governance: A sound governance policy is critical for effectively managing devices, people, information, and other entities within an IoT environment. Device binaries should include signatures that identify them to a common gateway policy engine, and govern the devices throughout their lifecycle – from registration, to key management, OTA, and data communication across the enterprise. Protocols such as OAUTH2[18] should be used as guidelines for securely sharing information.
      • Secure OTA updates: Performing OTA (over-the-air) updates is one of the most challenging elements of a robust product/solution. The process involves three distinct phases: secure production of the OTA bits, secure transport,
  • 10. and updating the bits on the target device. Updating binaries should take into account practical challenges, such as network bandwidth, security of the adopted channels (open, proprietary), and the time it will take to complete an update. Secure OTA binaries can employ basic Public Key Cryptographic Standards (PKCS) for secure packaging and messaging. This is key, since updated endpoint security software is necessary to keep IoT devices from being compromised.
      • Secure remote access: Malicious attackers often target the most obvious vulnerabilities – weak admin credentials, open ports, and unpatched operating systems – to gain remote access. Companies should focus on improving the resilience of these assets by carefully considering and strengthening their communication protocols, key management (and rotation) strategy, and their ability to render a compromised device to an uncompromised state in the event of a security breach.
      • Fail Safe/Self-Awareness: Enterprises should consider both external and extraneous factors such as weather and human actions (deliberate or inadvertent), which add dimensions to conventional threat modeling. Equipping IoT devices with contextual intelligence helps in building self-awareness. Using this oft-repeated software design principle comes in very handy in the connected world, particularly since the context imposed on these devices is far more imposing than on a typical software system. While advanced machine learning and artificial intelligence are still not commonplace, improvements in processing power and protocol standardization enable devices to fail safely and in context.
      • Layered security design: Finally, organizations should deploy security at all layers of IoT interactions, such as the device, app, and network layer (see Figure 7). Enterprise IoT security can be bolstered by using multiple layers of security, including security protocols, authentication/encryption, intrusion detection/prevention systems, and firewalls. Positioning security mechanisms at each layer helps protect the overall network with safeguards at the device layer, ensures the integrity and security of data in transit over public communication networks, and secures data in the cloud.
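The three OTA phases named in the secure OTA updates item (production, transport, update on the target) can be followed end to end in the sketch below, which is an added example and not code from the Cognizant report. It assumes RSA PKCS #1 v1.5 signatures with SHA-256 as the PKCS mechanism, a JSON manifest, an anti-rollback version check, and the hypothetical names `build_package` and `Device`; the key is a constructed demo key built from publicly known primes.

```python
import hashlib
import hmac
import json

# CONSTRUCTED demo key: N is the product of two publicly known Mersenne primes,
# so anyone can factor it. A real vendor key is generated and kept in an HSM.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key, provisioned on the device
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, build server only
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (PKCS #1 v2.2 / RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def encode_pkcs1(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-256(message))."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t


def sign(message: bytes) -> bytes:
    return pow(int.from_bytes(encode_pkcs1(message), "big"), D, N).to_bytes(K, "big")


def verify(message: bytes, signature: bytes) -> bool:
    """Rebuild the expected block and compare it whole (no lenient parsing)."""
    if len(signature) != K or int.from_bytes(signature, "big") >= N:
        return False
    recovered = pow(int.from_bytes(signature, "big"), E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, encode_pkcs1(message))


def build_package(firmware: bytes, version: int):
    """Phase 1, production: sign a manifest that pins version, size and hash."""
    manifest = json.dumps({"version": version, "size": len(firmware),
                           "sha256": hashlib.sha256(firmware).hexdigest()},
                          sort_keys=True).encode()
    return manifest, sign(manifest), firmware


class Device:
    """Phase 3, target: nothing is written until every check has passed."""

    def __init__(self, version: int, image: bytes):
        self.version, self.image = version, image

    def install(self, manifest: bytes, signature: bytes, firmware: bytes) -> str:
        if not verify(manifest, signature):        # checked before parsing
            return "rejected: bad signature"
        meta = json.loads(manifest)
        if meta["version"] <= self.version:        # assumed anti-rollback policy
            return "rejected: not newer than installed version"
        digest = hashlib.sha256(firmware).hexdigest()
        if len(firmware) != meta["size"] or not hmac.compare_digest(digest, meta["sha256"]):
            return "rejected: image does not match manifest"
        self.version, self.image = meta["version"], firmware
        return "installed"


if __name__ == "__main__":
    # Phase 2, transport, is treated as untrusted: flip one byte on the way.
    manifest, sig, image = build_package(b"constructed firmware v2" * 64, 2)
    device = Device(1, b"constructed firmware v1")
    print(device.install(manifest, sig, image[:-1] + b"X"))
    print(device.install(manifest, sig, image))
```

Because the signature covers only the small manifest, a bandwidth-constrained device can reject a forged or stale update before downloading the full image.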
  • 11. Figure 7: Security at Multiple Layers of IOT Interactions – Security in Every Layer. Cognizant
      Layer | Control | Description
      Device Layer | Secure booting | Authenticity and integrity of software on the device.
      Device Layer | Device Authentication | Machine authentication allows a device to access networks based on credentials from a secured storage area.
      App Layer | Access Control | Mandatory Access Control (MAC) or Role Based Access Control (RBAC) to ensure minimal access limited to a component.
      App Layer | App Data | Integrity and confidentiality of application data.
      Network Layer | Firewalling and IPS | Industry-specific protocol filtering and deep packet inspection capabilities are needed to identify malicious payloads hiding in non-IT protocols.
      Network Layer | Security Information & Event Monitoring (SIEM) | Integration with network management and event correlation products.
      Network Layer | Signaling Integrity | Ensuring the signal quality between various devices.
      Network Layer | Datagram & Signaling Confidentiality | Maintaining UDP and electrical communication confidentiality.
    [Diagram labels: App Layer (App Data Integrity, Access Control, App Data Confidentiality); Network Layer (Signaling Integrity, Datagram Signaling Confidentiality, SIEM, Network Authentication); Device Layer (Secure Booting, Device Authentication, Device Integrity)]
    GETTING THERE
    The Internet of Things promises to change the way enterprises operate, communicate, and compete. Yet along with their many advantages, IoT environments are highly visible and vulnerable to security breaches at various layers. To prevent and deflect these intrusions, companies must build in security from the very beginning – remembering that the Internet of Things involves both physical and virtual operating perimeters that must be properly governed and protected throughout the IoT ecosystem.
  • 12. FOOTNOTES
    [1] “Securing the internet of things,” April 2016, Economist Intelligence Unit and Hewlett Packard Enterprise. https://hpe-enterpriseforward.com/eiu-securing-iot/
    [2] “Unlocking the potential of the Internet of Things,” McKinsey Global Institute, June, 2015. http://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/the-internet-of-things-the-value-of-digitizing-the-physical-world
    [3] “Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016,” Gartner, April 25, 2016. http://www.gartner.com/newsroom/id/3291817
    [4] “Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016,” Gartner, April 25, 2016. http://www.gartner.com/newsroom/id/3291817
    [5] “A primer on enterprise Internet of Things security planning,” The Economist, April 12, 2016. http://samsungbusiness.economist.com/a-primer-on-enterprise-internet-of-things-security-planning/
    [6] “The Internet of Things isn’t coming. It’s here.” ForeScout, June, 2016. https://www.forescout.com/wp-content/uploads/2016/06/ForeScout-Webtorials-IoT-Security-Survey-Results-June-2016.pdf
    [7] “Internet of Things: Features, Challenges, and Vulnerabilities,” International Journal of Advanced Computer Science and Information Technology, Vol. 4, No. 1, 2015. https://pdfs.semanticscholar.org/ab0a/90ddd8208234e7335b1cc175b49461c2bae5.pdf
    [8] “Gartner Says Worldwide IoT Security Spending to Reach $348 Million in 2016,” Gartner. April 25, 2016. http://www.gartner.com/newsroom/id/3291817
    [9] “Securing the internet of things,” April, 2016. Economist Intelligence Unit and Hewlett Packard Enterprise. https://hpe-enterpriseforward.com/eiu-securing-iot/
    [10] “Secure IoT as It Advances through Maturity Phases,” January, 2016. Forrester and Cloudera. https://www.cloudera.com/content/dam/www/static/documents/analyst-reports/forrester-secure-iot-as-it-advances-through-maturity-phases.pdf
    [11] “Survey Identifies Internet of Things (IoT) Security Challenges for the Connected Enterprise,” June 2016, ForeScout, https://www.forescout.com/company/news/press-release/survey-identifies-internet-things-iot-security-challenges-connected-enterprise/
    [12] “3 Best Practices for protecting against IoT cross-contamination risks,” April, 2016. The Economist, http://samsungbusiness.economist.com/3-best-practices-for-protecting-against-iot-cross-contamination-risks/
    [13] “Survey Identifies Internet of Things (IoT) Security Challenges for the Connected Enterprise,” June, 2016. ForeScout. https://www.forescout.com/company/news/press-release/survey-identifies-internet-things-iot-security-challenges-connected-enterprise/
    [14] Static code analysis is done without executing any of the code; dynamic code analysis relies on studying how the code behaves during execution. September, 2010. www.computerweekly.com
    [15] The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2) is a U.S. government computer security standard used to approve cryptographic modules. https://en.wikipedia.org/wiki/FIPS_140-2
    [16] The Constrained Application Protocol (CoAP) is a specialized web transfer protocol for use with constrained nodes and constrained networks in the Internet of Things. The protocol is designed for machine-to-machine (M2M) applications such as smart energy and building automation. http://coap.technology/
    [17] The Z-Wave protocol is an interoperable, wireless, RF-based communications technology designed specifically for control, monitoring and status reading applications in residential and light commercial environments. http://z-wavealliance.org/about_z-wave_technology/
    [18] OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. https://oauth.net/2/
    [19] “Security In The Internet of Things,” 2015, Wind River Systems, Inc. https://www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf
  • 13. AUTHOR & ANALYST
    Aala Santhosh Reddy, Senior Researcher, Cognizant Research Center
    SUBJECT MATTER EXPERT
    Srinivasan Ganesh, Chief Architect – Technology, EBA-ERSS, Cognizant Corporation
  • 14. ABOUT COGNIZANT
    Cognizant (NASDAQ-100: CTSH) is one of the world’s leading professional services companies, transforming clients’ business, operating and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant is ranked 230 on the Fortune 500 and is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com or follow us @Cognizant.
    World Headquarters: 500 Frank W. Burr Blvd., Teaneck, NJ 07666 USA. Phone: +1 201 801 0233. Fax: +1 201 801 0243. Toll Free: +1 888 937 3277
    European Headquarters: 1 Kingdom Street, Paddington Central, London W2 6BD England. Phone: +44 (0) 20 7297 7600. Fax: +44 (0) 20 7121 0102
    India Operations Headquarters: #5/535 Old Mahabalipuram Road, Okkiyam Pettai, Thoraipakkam, Chennai, 600 096 India. Phone: +91 (0) 44 4209 6000. Fax: +91 (0) 44 4209 6060
    © Copyright 2017, Cognizant. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the express written permission from Cognizant. The information contained herein is subject to change without notice. All other trademarks mentioned herein are the property of their respective owners. TL Codex 2465