Ensuring that employees know how to secure data, and controlling who can access what data at what time and from where, are critical elements of a fit-for-purpose internet of things (IoT) security posture that many enterprises may be missing in the rush to secure the network, according to mobile services supplier Vodafone.
Speaking to Computer Weekly in advance of the whitepaper release, Phil Skipper, Vodafone Global Enterprise head of M2M business development, said the Dyn attack had certainly helped to raise awareness of IoT security and brought more people to his door.
“For the industry, it was actually very helpful because people could see what the potential risk was and then ask what they could do about it,” he said. “We are trying to demystify what security means to people who have not done this before.”
However, Skipper said Vodafone’s enterprise IoT customers had actually dodged a bullet when it came to the Dyn attack because the devices involved were largely consumer products using unsecured, unmanaged connections to the public internet, something Vodafone does not offer.
Vodafone’s enterprise IoT service relies on a private network, which Skipper described as “not IoT running on a consumer network, but IoT on an IoT network”.
Each of its IoT SIMs is assigned a private, unpublished IP address that is not discoverable on the public internet. By capturing the data traffic generated by these devices and routing it over a separate core network, with standardised security built in, back to a private cloud, Vodafone can effectively shield its customer IoT installations from external actors.
Additional strength is baked in by soldering SIMs into devices to make them harder to remove, and using tamper-resistant casings and hardened firmware configurations.
However, even the tightest possible network security measures are not invulnerable to the actions of employees, who usually make entirely innocent mistakes but may be acting maliciously.