The perimeter fence model of IT security, which focused mainly on preventing external security threats with the digital equivalent of building a big fence around the perimeter of the organization with gates and guards securing a limited number of access points, was upended by the cloud. Cloud-based services float over fences and wirelessly through walls. This is especially true since most organizations are now powered by a mobile workforce that’s transformed work into an activity independent of location and time.
The Internet of Things (IoT), however, has the potential to be even more disruptive to IT security since IoT is akin to adding thousands of new—and unguarded—gates to an already porous perimeter. Or as Michael Pumper phrased it, “IoT may increase your attack surface” since every Internet-connected thing “is another potential entry-point for a hacker. IoT is an emerging technology, which means security will not be guaranteed with out-of-the-box enterprise implementations.”
Right now the oh in IoT, so to speak, is oh wow, meaning that IoT discussions tend to center on its myriad and astounding possibilities. “IoT is based around the idea of having millions of devices all connected to a single network, creating an umbrella of information organizations can collect and analyze to improve their operations,” Shawn Drew blogged. “However, security experts have long warned that adding so many extra network access points would make security a nightmare.” Therefore, the oh in IoT becomes oh no when its security implications are considered. Or to put that more succinctly, security is the oh in IoT.
While IoT is a big thing for managed service providers (MSPs), so is securing provided services. And as I have previously blogged, users are the biggest security risk. IoT is adding a huge number of users. Just because, as Phil Simon blogged, these users are passive (i.e., machines passively and automatically create more data than even the most active human beings currently do) doesn’t mean they should get a free pass on security. Right now, however, many of them are, which is making IoT a very actively dangerous thing for its early adopters. This is why securing IoT has to be a priority for MSPs.