Distributed and mobile platforms have fundamentally changed the IT landscape. Today, devices, applications and users are almost always remote from each other, each owned and operated by a different third party. These platforms are made of many unique and different technologies, including purpose-built, resource-challenged IoTs.
01 – Purpose Built and Non-Standard
IoTs are often purpose-built and non-standard, using imagination-driven hardware and software for imagination-driven purposes.
Traditional security approaches and tools were designed to secure Windows, Mac, and Linux systems running Intel processors, and are not in tune with the requirements of IoT infrastructures.
02 – Everything is Everywhere
Technologies today are highly distributed and mobile, and are designed to operate on many different hostile public and private networks.
Traditional security approaches and tools were designed for and are limited to protecting concentric and contained networks of systems.
03 – Long-Distance Applications
Technology platforms are increasingly dependent on remote SaaS and hosted applications.
This requires securing different technologies operating in hostile non-concentric networks with tools not designed for the task.
04 – The Deconstructed Platform
Platforms become deconstructed when IoTs are introduced. It is not uncommon for the network the IoT operates on, the IoT itself, the application infrastructure, the application itself, and the platform’s management to all be third parties to one another.
Today, securing each IoT type, application and management platform requires a different array of security tools and expertise – overall an expensive, resource-intensive and ultimately ineffective process.
05 – Welcome to Dependency Compute
Devices, applications and users are not stand-alone; they are highly dependent on each other. Devices generate data and perform tasks while the application turns data into insight and decides on actions to be taken by the device.
The integrity and reliability of communications between devices and applications is mission critical. Without devices, application functions go unfulfilled. Absent the application, device data cannot turn into decision-support insight.
06 – A Web of Exposures
The deconstructed platform means that third-party applications have privileged access to IoTs operating on multiple customer networks, bypassing those customers' network security. The customers' security now depends on the security of the third-party application provider.
Compromise of SaaS or remote third-party applications could easily lead to compromise of the many IoTs to which they have privileged access. The compromised IoTs can then be used to cross-contaminate other systems on the network.
07 – The Global Attack Surface
On a common network, each unique device is connected to different third-party applications. These applications in turn service many devices for many other customers. This tangled web of relationships diminishes the security of all parties to that of the weakest link!
With the addition of every unique device and third-party application, the exposures are compounded, leading to indefensible complexity.
08 – Spanning Generations
With a lifespan of 8-20 years, devices outlive enterprise technologies by a factor of four or more.
Purpose-built devices have introduced a new logistics paradigm for operations, management, upgrade, repair, and security of these distributed platforms over a period spanning decades.
09 – There’s No Stopping This Train
Everything is now connect-capable, and below-the-radar introduction of new technology and cloud applications is so common that it has become muscle memory.
The rush to make mundane objects connected has led operational technologies, like HVAC systems, building access, and even the coffee machine, to quietly seep into the network – creating many unknown back doors.
10 – IoT T T T T T T T T T T T T T T T T T T T T
The scale of IoTs has already dwarfed that of enterprise technologies. By sheer volume, these defenseless technologies are being actively used en masse to wage cyber war.
With their low cost, limited nature and the industry emphasis on function without viable security options, IoTs are especially vulnerable as points of compromise, as attack tools or both. Managing security on a platform experiencing explosive growth is especially challenging.
11 – Unbounded Consumption
IoTs are technologies that operate in the wild and are accessible to anyone, local or remote. Moreover, as machine-to-machine communication becomes dominant, unrelated IoTs may be repeatedly engaged by misconfigured systems or poorly developed applications.
Security is the most expensive compute resource. Aside from short-term effects, attackers can reduce long-term IoT longevity by accelerating a device’s power consumption through persistent attacks, forcing a decision to replace or abandon the IoT.