01 – Purpose Built and Non-Standard
IoTs are often purpose built and non-standard, using imagination-driven hardware and software for imagination-driven purposes.
Traditional security approaches and tools were designed to secure Windows, Mac, and Linux, running intel processors and are not in tune with the requirements of IoT infrastructures.
02 – Everything is Everywhere
IoTs are often highly distributed or mobile and are designed to operate on many different hostile public and private networks.
Traditional security approaches and tools were designed for and are limited to protecting concentric and contained networks of systems.
03 – Long-Distance Applications
IoTs are predominantly distributed or mobile, thereby the applications they depend on will always be remote.
This requires securing different technologies operating in hostile non-concentric networks with tools not designed for the task.
04 – The Deconstructed Platform
Platforms become deconstructed when IoTs are introduced. It is not uncommon for the network the IoT operates on, the IoT itself, the application infrastructure, the application itself, and the platform’s management to all be third parties to one-another.
Today, securing each IoT type, application and management platform requires a different array of security tools and expertise – overall an expensive, resource intensive and ultimately ineffective process.
05 – Welcome to Dependency Compute
IoTs and applications are not standalone; they are highly dependent on one-another. IoTs generate data and perform tasks while the application turns data to insight and decides on actions to be taken by the IoT.
The integrity and reliability of communications between IoTs and applications is mission critical. Without IoTs, application functions go unfulfilled. Absent the application, IoT data cannot turn into decision-support insight.
06 – A Web of Exposures
The deconstructed platform means that Third-party applications have privileged access to IoTs operating on multiple customer networks, bypassing their network security. Their security is now dependent on the security of the third-party application provider.
Compromise of SaaS or remote third-party applications could easily lead to compromise of the many IoTs to which it has privileged access. The compromised IoTs can then be used to cross-contaminate other systems on the network.
07 – The Global Attack Surface
On a common network, each unique IoT is connected to different third-party applications. These applications in turn service many IoTs for many other customers. This tangled web of relationships diminishes the security of all parties to that of the weakest link!
With the addition of every unique IoT and third-party application, the exposures are compounded, leading to indefensible complexity.
08 – Spanning Generations
With a lifespan of 8-20 years, IoTs outlive enterprise technologies by a factor of four or more.
IoTs have introduced a new logistics paradigm for operations, management, upgrade, repair, and security of these distributed platforms over a period spanning decades.
09 – There’s No Stopping This Train
Everything is now connect-capable, and below-the-radar introduction of new technology and cloud applications is so common that it has become muscle memory.
The rush to make mundane objects connected has led to operation technologies, like HVAC systems, building access, and even the coffee machine, to quietly seep into the network – creating many unknown back doors.
10 – IoT T T T T T T T T T T T T T T T T T T T T
The scale of IoTs has already dwarfed that of enterprise technologies. By sheer volume, these defenseless technologies are being actively used en masse to wage cyber war.
With their low cost, limited nature and the industry emphasis on function without viable security options, IoTs are especially vulnerable as points of compromise, as attack tools or both. Managing security on a platform experiencing explosive growth is especially challenging.
11 – Unbounded Consumption
IoTs are technologies that operate in-the-wild and are accessible to anyone local or remote. Moreover, as machine-to-machine communication becomes dominant, unrelated IoTs may be repeatedly engaged by misconfigured systems or poorly developed applications.
Security is the most expensive compute resource. Aside from short-term effects, attackers can impact long-term IoT longevity by hastening a device’s power consumption through persistent attacks — forcing a decision to replace or abandon the IoT.