Last updated: 05 July 2017
No, my blog post did not get hacked; and the subject of the blog is exactly what I meant it to be – encrypted! What you see is a half encrypted blog title. It’s quite likely you’re reading this post because you are interested in IoT, or specifically IoT Security. Which means my purpose is well-served – I’ve revealed only the information in my title that is most relevant for you, and encrypted everything else! Read on, and perhaps you can discover what my blog title actually is.
We’ve written about IoT Security before. There’s no easy way to describe it, but encrypting my blog title is one example. There are parts I want to reveal and parts I don’t. It’s the same for any enterprise implementing IoT solutions. Companies wish to restrict some information, while allowing access to other parts. As a result, they need a robust authentication system and encryption in place to properly protect their networks. But security for enterprises goes far beyond this small example. Should enterprises secure the newly-introduced devices (or endpoints)? Should they focus on securing the communication between devices; or the communication from the device to the cloud? As for the cloud, should enterprises think about cloud security as well? All these questions can be overwhelming for IT security managers (or more specialized IoT Security managers) who are jumping into new projects to integrate innovative new devices into their enterprises’ existing ecosystems. A recent report by Gartner, Market Guide for IoT Security, captures the essence of these questions. Here’s a synopsis of the key findings from the report:
- There are four key areas emerging as a focus for IoT Security: embedded trust, device identity and key/credential management, real time visibility and control, and professional services
- The early adopters are learning quicker from their try-fast-fail-fast approach through proofs-of-concepts inside their organizations
- Lower complexity of deploying IoT Security is one of the key criteria for identifying solutions to IoT threats
The task for implementing security for IoT solutions can be quite daunting. Where should one begin? I’ve had a few discussions with project managers in charge of implementing smart manufacturing initiatives, for example. From use cases like industrial goggles for remote support and training of machine operators to using new sensors for monitoring metrics on a certain production line, security is pivotal.
Enterprises, such as manufacturing companies, are beginning to understand that even at the phase of doing proofs-of-concept, security cannot be overlooked. But with the security challenges these new kind of devices introduce to the whole enterprise network, the IoT Security Managers have their hands full. Introducing a single industrial tablet or glasses, even if it’s for a proof-of-concept, introduces the network to new threats. Three challenges come up immediately: managing the identity of these new devices, addressing how they access the rest of the network, and ensuring that the communication to or from these devices is encrypted. The Market Guide by Gartner is a very good reference to begin research on IoT Security, and to understand the boundaries for such projects.
Digital security is becoming increasingly important, whether for governments, transport authorities, industrial OEM, consumer OEM, MNOs or banks. It’s critical to achieve the right balance between security and convenience, while securing the device, securing the cloud and successfully managing the lifecycle of security keys. To learn more, visit our IoT Security website.
About the title, I intend to keep it obscure! If you really want to discover what it is, go to this online decryption tool, and type in this encrypted message in the title, “lT69mH+xRxVTAAVmSa7N7htOHGOpxAVe” The encryption algorithm is “Des”, and the key to use is “HAIDER”. Think you managed to decrypt the title? Post in the comment section below. And make sure you download this great Market Guide from Gartner.
This blog post was also published on March 13, 2017 via Mobile ID World.