Securing IoT Devices Demands Applying Zero Trust Principles – Technologist
Two recent sets of vulnerabilities discovered in medical IoT devices, one in lab testing gear and one in a temperature sensor (the latter of which brings back memories of the infamous fish tank sensor hack in Las Vegas), highlight the need for implementing Zero Trust principles when deploying IoT devices.
When one thinks about Zero Trust in relation to securing IoT devices, network segmentation comes to mind as the easiest way to control access to these devices and, if the device is compromised, restrict access to other apps and data so that patient data may not be accessed, or an attack can pivot to other devices on the network.
The challenge is that these devices may need that access because these smaller devices are often part of larger solution deployments to do blood testing or control the temperature of samples or pharmaceuticals, so simply implementing these segmentation policies will still allow for access to apps, data, and other devices with which these components communicate.
Access control needs to go deeper, and you need to define exactly what these devices have access to on other devices, application servers, or internet hosts.
IoT device deployments, like many modern networks, tended to grow organically and not always as planned. Devices slowly got added to the network to fill a need, such as printing, video monitoring, or package tracking, and by the time enterprises realised what happened, thousands of devices had become part of the corporate network, with no plans on how to manage them, how access would be controlled, or how they would be monitored.
This means that as problems were discovered, teams pivoted to resolve the problem without any thought or ability to redesign the deployment so that these requirements were properly addressed. Since the proliferation of these devices isn’t slowing down, problems like this continue to rise, meaning the time to act is now.
IoT security has been identified as one of our top 10 emerging technologies for 2024, which reflects the growing concern about securing these devices. In response to these concerns, a lot of solutions have emerged to address IoT devices, device inventory, vulnerability management, identity and access management, network control and security, and endpoint security. These solutions can only assist once security leaders determine that they’re going to implement Zero Trust principles to IoT device deployments. This means:
- Recognising what’s wrong right now.
- Analysing the needed level of access to these IoT devices.
- Understanding the data to which the devices need access.
- Determining how these devices are going to be monitored.
Forrester clients interested in assessing these requirements and gaining direction on their IoT security roadmaps should submit an inquiry or guidance session request with me. If you don’t know how you’re going to use this technology, it’s going to be shelfware.
First published on Forrester
Obsolete Technology- Challenges and Strategies – Technologist
Are Admin Rights Dangerous? | CFOs / CEOs Beware – Technologist
Strategies to Fix a Missing Bluetooth Option in Windows 11 – Technologist
About The Author
admin
Azeem Rajpoot, the author behind Technolo Gist, is a passionate tech enthusiast with a keen interest in exploring and sharing insights about the rapidly evolving world of technology. With a background in Technologist, Azeem brings a unique perspective to the blog, offering in-depth analyses, reviews, and thought-provoking articles. Committed to making technology accessible to all, Azeem strives to deliver content that not only keeps readers informed about the latest trends but also sparks curiosity and discussions. Follow Azeem on this exciting tech journey to stay updated and inspired.
