The Internet of Things (IoT) may have sounded like science fiction to many during its early days.
But the space for interconnected, voice-activated devices will continue to explode into a US$520bn industry by 2021, according to research from Bain.
IoT developers now have their sights set on the enterprise market, reported Forescout, an international IoT security expert.
“Tools like Alexa and Home are incredibly useful and convenient. People are used to having them at home, and they will want to bring the same level of convenience into the office with them,” said Steve Hunter, Forescout’s senior director of systems engineering for Asia Pacific and Japan.
Forescout predicts this will create a new “wave of consumerization of IT in the workplace.”
IT departments must be ready with a game plan for handling these nascent tools, especially since IoT devices carry their own cybersecurity risks, the group recommended.
“It’s essential to have policies around how these devices are connected to the network and segmented to avoid creating unnecessary vulnerabilities,” Forescout said.
If employees, for instance, have voice-activated devices such as Alexa and Home connected to the corporate network, those devices could become open to wide-scale “botnet attacks” – automated programs that can compromise both personal and organizational security.
Keeping an eye on IoT devices
Enterprise IoT devices are typically focused on internal use, and IT departments have a “long history of having strong perimeter controls in place,” Hunter said. Thus, enterprise IoT devices being “absorbed into a botnet” has not been commonly seen in the wild.
But things get tricky when employees bring their own personal IoT devices to work.
“This makes it difficult to assess whether the traffic to and from these devices is malicious compared with internally-focused devices where communication with the public internet is a strong signal the device has been compromised,” he said.
Unlike the first wave of ‘consumerized’ tech – where workers brought personal smartphones and tablets to the office and IT deployed mobile device management software to curb the risks – this new wave ushers in devices that lack the software agents that add an extra layer of security.
“The answer to this challenge,” Hunter said, “is for organizations to deploy visibility tools that let them see definitively every device that’s connected to the corporate network, along with that device’s activity. Businesses can then segment the network and treat devices according to their level of risk.”
“Without that visibility, businesses could find themselves more vulnerable than they were prepared for when allowing consumer IoT devices into the network,” he said.
“And, with the number of personal IoT devices connected to corporate networks continuing to rise, having a plan to address this visibility gap today is essential.”