IT needs to consider the implications of how to best secure devices that are often left unsecured- and prevent breaches that could endanger data stored on the cloud. Here's where things can get tricky
You don’t need to be a Nostradamus to know that cloud computing and the Internet of Things will command keen attention when the annual CES rolls around in January.
As the number of devices and “things” grows exponentially, market forecasters are upwardly revising their already bullish projections for the IoT market. Meanwhile, business adoption of cloud penetration continues at a robust clip and analysts now expect 80% of enterprises will be using hybrid clouds by 2018.
But while the cloud and IoT have largely developed independently of each other, managed service providers know that the nexus between these two transformative technologies bears close watching. With billions of new devices coming online, we’re entering a future where there will be an estimated 1 trillion endpoints. At the same time, the cloud is destined to be a key component in corporate IoT strategies because of its ability to host vast amounts of data - and enterprises will need every last petabyte. As more companies figure out ways to connect their devices into the IoT networks, that means all these suddenly “intelligent” refrigerators, washers dryers, cars and trucks will also be communicating through cloud servers.
On a more nuts and bolts level, though, the scope of this information tsunami also raises concerns about the security (and privacy) implications of all this new information that’s getting generated and stored. Here's where it can get tricky.
Unfortunately, the repeated failure by IoT device makers and customers to secure devices before they get deployed eases the way for malicious hackers to compromise points of entry. It also raises the prospect that successful hackers could exploit IoT breaches to steal information that helps them target data residing in cloud environments.
Organizations have so far avoided suffering major cloud breaches as a result of IoT-related security lapses. Still, the lack of fundamental controls on devices has security experts deeply troubled. Many IoT integuments still get deployed with little or no password protections or other basic control. If past is prologue, malicious actors will very likely find ways to weaponize these end points for their own nefarious purposes.
We got a peek at coming attractions in October, when attackers exploited an IoT vulnerability to launch a distributed denial-of-service attack against Dyn, a big provider of internet infrastructure. Dyn was quickly overwhelmed with data requests, which were directed from a botnet of hacked CCTV video cameras and digital video recorders, leading to service outages at many major websites.
It’s hard to know whether this is a harbinger of trouble for the cloud, though the Cloud Security Alliance felt sufficiently compelled to publish a set of security guidelines for IoT developers. Meanwhile, the computer security world is girding for the inevitability of big attacks leveraging the IoT. The only question now is when, not if.
In the meantime, MSPs can help clients set up security procedures and policies governing the deployment IoT devices. Much of this involves basic blocking and tackling associated with known security protection and prevention routines.
At the same time, companies can minimize their risk by restricting access privileges to IoT devices and the cloud applications that interact with them. MSPs can also counsel clients to select the right cyber-security technologies while working with IT to spot any security gaps in the organization’s networks. Further, they should make sure that IT conducts regular audits of company security systems to ensure that they remain impenetrable.
Meanwhile, the clock is ticking.
This content is underwritten by VMware -- and is editorially independent. It is produced in accordance with conventional standards of business journalism.
Charles Cooper is an award-winning freelance author who writes about business and technology. During his 30-plus year career, he has worked as an executive editor at several leading tech publications including CNET, ZDNet, PC Week and Computer Shopper.