Is there any idea that isn’t a double-edged sword? For every good idea, there are roughly 9,387 ways to use that idea for bad purposes.
Case in point: The first Ford Model Ts were offered to the public in 1908. It took humanity centuries to figure out how to mass produce something as useful as the automobile. It only took John Dillinger 25 years to figure out how to use it to rob banks.
The internet of things (IoT) is no different.
Having internet-connected devices can be useful. For example, an asset connected to the IoT can tell your field service management software program it’s going to break before it even happens.
On the other hand, internet-connected devices could also be used for destructive ends, such as the instance when IoT-connected coffee machines and DVRs were used in a massive hack last October.
Don’t settle for a double-edged sword—use our four IoT security tips below, and turn your IoT strategy into a technological samurai sword: strong and single-edged.
1. Use an IoT security pattern to identify vulnerabilities
It’s tempting to want to jump right into using the IoT, given how much it can do for your business. But that’s not the best idea. Every connected device you add is another way into your network for a hacker. Jumping in without considering security is like adding doors and windows to a building without adding locks.
Gartner analyst, Earl Perkins recommends using an IoT implementation design pattern to determine potential areas of risk. What’s an IoT design pattern? It’s a map of all the devices, sensors and computers you need to get your IoT plan working. (Full report available to Gartner clients.)
More generally, a design patterns are, according to Michael Koster, “reusable solutions to common problems.”
Koster offers a pithy example: “Three different design patterns to handle traffic flow at a road intersection are stop signs, traffic lights, and roundabouts.”
In the same way those design patterns keep an intersection secure, an IoT design pattern can make your networks secure.
- The first step in designing your map is to figure out whether your IoT design type is centralized, distributed, or hybrid
- The next step after this is to design a security pattern that matches your design type
There’s no one template you can use to design these patterns, as IoT deployments differ widely. However, Gartner’s research on setting up a security pattern is a good place to start. (Full content available to clients.)
Gartner recommends looking at IT security architecture principles, or operational technology (OT) principles. The same security best practices in those fields should also apply to IoT security.
2. Know where all your endpoints are
A security guard monitoring a building needs to know where all the doors and windows are. After all, if you don’t know where someone might sneak in, you can’t be fully protected.
Continuing the security guard metaphor, you should patrol an area the way they do, too. This could mean walking the floor to see where your assets are, but it can also take a more technologically advanced shape.
A computerized maintenance management software solution with digital asset tracking, such as Bigfoot or Nexgen, gives you an overall view of your assets, as well as how secure they are, and how well they’re performing. Since the software is already connected to your assets, it will give you a head start on monitoring your endpoints.
3. Prioritize data security needs with proper encryption
When it comes to securing the data you send over the IoT, you should turn to the most up-to-date encryption protocols, as Conner Forrest suggests on ZD Net.
Robert Metzler of KORE Telematics notes that, when passing information between devices, SSL can be costly. Instead, he suggests “creating a site-to-site VPN tunnel from the M2M [machine to machine] operator” to the server.
Manuel Grenacher, CEO of Coresystems, emphasizes the importance of securing your data—especially personal data. Grenacher says the extent of how secure you need to be comes down to what kind of data is being sent back and forth. “If it comes to data about persons, then it’s highly critical, because of privacy issues, like location and such. If you only have sensor data, it’s less critical.”
4. Leverage the benefits of two-step authentication
Authentication—i.e., making sure the IoT knows it’s you sending data, and not some hacker—can be the difference between stolen intellectual property and a secure network.
Grenacher prefers a two-step authentication approach: “Two-way authentication works out; people usually don’t forget the second piece of information, along with their email.”
If you have a Gmail account, and you’ve ever been asked to provide your phone number, you’ve seen a two-step authentication in action.
Grenacher does, however, caution people about the kind of information they’ll be sending:
“Again, your approach depends on what data you manage, but two-way authentication is a good way, and a cheap way, of how SMBs [small and midsize businesses] could solve IoT security issues.”
Your experiences with service IoT security?
Has your field service business secured your IoT successfully? Or have you bounced back from a security breach? If so, let me know in the comments below!
If you’re looking for more information about the internet of things, check out one of these Capterra posts:
- 6 Vital IoT Security Hacks For Your CMMS Business
- Building Your Own Internet Of Things For Field Service
- Unleashing Next-Gen Business Intelligence Through The IoT To Drive Results
Looking for Field Service Management software? Check out Capterra's list of the best Field Service Management software solutions.