Best Practices for Enterprise Security in the IoT Age

194040659As the ever-connected world continues to explore the Internet of Things (IoT), the enterprise must consider how to rethink and adjust its security approach to accommodate a new technological age. This does not require a complete restructuring of the security architecture, but only a repurposing of some existing technology and roles.

Here are several best practices to help the enterprise securely embrace the IoT.

Leverage Existing Network Security

IT professionals can use their existing infrastructure to help enforce network security. Best practices for IT professionals include strategies that may already be in place:

  • Employ private, segmented networks with designated IP ranges.
    • Private network usage has the added benefit of cost savings when compared to public IP ranges.
  • Continue securing connections with virtual private network (VPN) technologies such as IPsec.

Revamp the Governance Structure

The IoT brings new security challenges, and the enterprise needs to re-evaluate how information security personnel fit into this updated picture. Businesses should ask the following questions to help ensure complete protection for their resources:

  • To whom should the head Information Security Officer report?
  • Should new or previously uninvolved personnel participate in information security initiatives?
  • What new types of devices does the organization need to secure?

Monitor Critical Infrastructure

Most pieces of infrastructure today are connected and online, a different situation from years ago when these resources were offline. With this in mind, businesses must ensure that critical infrastructure (as it relates to IoT) is secured. IT professionals should keep the following ideas in mind when considering their enterprise security posture:

  • Infrastructure attacks may be more frequent, but there is an array of intelligence available that can help prepare for attacks and mitigate impact.
  • An investment in real-time attack intelligence software is both necessary and worthwhile.
  • Visibility and awareness are powerful tools against attacks.

Do Not Forget the Past

IT stakeholders should not underestimate the value of lessons learned from past experiences, including past threats or attacks. The enterprise can adopt the most secure posture in the IoT by consciously learning from every incident:

  • Acknowledge that past attacks may occur again and prepare for them.
  • Embrace new and updated technologies that are equipped to handle potential attacks.
  • Establish strong plans to effectively combat and manage response to attacks.

The enterprise can be well-prepared to embrace the Internet of Things from a security perspective, and in many ways, it already is prepared. By maximizing the impact of existing tools, evaluating the security reporting structure, monitoring important assets, and learning from previous experiences, companies can fully and securely experience these exciting new technologies.

[Infographic] Enterprise Mobility Strategy: BYOD or CYOD?

Companies large and small understand that having a mobile workforce can provide a competitive advantage. So why hasn’t every business ‘mobilized’ then? Enabling a company’s workforce to go mobile isn’t as easy as walking into a cell phone store and buying a phone. For businesses, it’s much more strategic, with aspects like cost and data security to be considered. This infographic highlights two popular strategies for businesses interested in going mobile. BYOD (Bring Your Own Device) and CYOD (Choose Your Own Device). Is one right for your business?

ROI-Infographic-BYOD-CYOD

Click below to embed the above image into your website

Cloud-based UC: The Emerging Solution to Enterprise Communication Challenges?

Cloud based unifiedAs the Unified Communications (UC) market continues to grow, enterprise adoption of cloud-hosted UC services has also gradually increased. While more and more enterprises are becoming interested in cloud-hosted UC services, many large organizations are still not fully committed to this concept.

UC providers can accelerate the adoption of cloud-based conferencing, video, voice, instant messaging, and other collaboration services by continuing to address the current challenges of enterprise communications. Even more importantly, they must clearly inform the IT decision-makers in organizations how their solutions solve relevant problems.

Consider these four challenges organizations face which can be solved through UC solutions:

Satisfying the evolving needs of the mobile workforce

  • The workforce is increasingly younger, more technologically-savvy, and more demanding in terms of their technology requests.
  • Almost 50% of the workforce will consist of the “millennial” generation by 2020 (according to the U.S. Bureau of Labor Statistics). Workers from this generation not only want the latest devices, they also want to be able to work on them from anywhere in the world.
  • IT needs to equip this tech-savvy generation of workers with the latest collaboration tools. Cloud-based UC is best-suited for this task of fulfilling the needs of the emerging workforce.

Enabling cost-efficient productivity

  • Organizations want to enable their employees to collaborate in a way that eliminates unnecessary inter-office travel. Cloud-based UC must thus deliver the full range of communications that allows such collaboration.
  • Employees must be able to quickly shift between services such as video and web conferencing to preserve the “real life” experience of these technologies.
  • Users need to be able to use any device from anywhere, and to shift among devices as needed.
  • The UC service must be high-quality and available 24/7; users won’t adopt it without a seamless user experience.

Supporting fixed-mobile convergence

  • The convergence of multiple communication types is desirable and convenient for the enterprise as well as the employee. Cloud-based UC can provide these important conveniences.
  • Employees want the convenience of a “single number reach” to eliminate communication disruptions between desk and mobile phones.
  • Businesses are burdened with multiple service contracts for various types of telecommunications; convergence among these services using cloud-based UC simplifies the billing process and reduces expenses.

Providing bring-your-own-device (BYOD) tools for communications

  • The popularity of BYOD enables cloud-based UC to both streamline and separate communications services through dual persona solutions.
  • “Dual persona for UC” is a way users can securely access all of their cloud-based unified communications services from a single device, including voice, text messaging, video calling, and instant messaging.
  • Users are attracted to dual persona because it provides simplified but separate access to both corporate and personal communications services from a single device.
  • Cloud-based “dual persona for UC” gives employees the freedom they need and enables the enterprise to maintain security and control over corporate communications.

The adoption rate of cloud-based UC still leaves a lot of room for growth, but the evidence suggests that there is a clear market need and demand for these services. Cloud-based UC developers must keep these enterprise needs in mind as they refine and market their solutions.

Let’s Get Redundant: The Fight Against Downtime

redundancy backupGone are the days when an outage was just an inconvenience. Downtime today means massive revenue loss, to the tune of hundreds of thousands of dollars an hour, making every moment count in the struggle to recover availability. The efforts of minimizing risk of downtime and making the system highly available are ones that may be quiet victories, but they are immensely valuable.

Connectivity

The most important building block in a business’s infrastructure is that small, seemingly trivial piece existing between the business’s systems and the Internet and telecommunication provider’s systems. If this piece is unstable, not much else matters. Old, archaic telephone-line technology may threaten the reliability of the communication trunk that provides adequate connection speeds, plus impair what would otherwise be a solid disaster recovery or continuity plan.

Redundancy, Redundancy, Redundancy

One of the most important tactics to employ in a strong disaster recovery or continuity plan is to have a Plan B, C, D, or Z. Redundant pathways reliant on different types of connectivity are key. If a piece of hardware fails, the network is attacked, inclement weather happens, or the telecom provider experiences a problem, there must be a fail-safe. This could be utilizing a backup provider on a completely different set of wires, switching to a mirrored instance hosted in a different part of the country, or another type of remote access setup. It is highly desirable that the network automatically failover to the backup connection without human intervention. This makes any downtime a mere blip rather than a revenue-guzzling catastrophe.

Investments in Providers and SLAs

When setting up a disaster recovery and business continuity plan and interviewing providers, be wary of cheap providers. While the cost benefits may be attractive, lost revenue from potential downtime will far offset any monthly or annual savings. Purchase with a reputable provider and spring for the extra service level agreements (SLAs) if available. This will help ensure quick response time from the provider in the instance of an outage on their side. Aim for a provider that is investing in infrastructure and avoiding old lines in favor of laying new fiber and offering high bandwidth options. This eliminates the risk of the telephone line disintegrating or losing a connection, crippling even the most well-planned disaster recovery program.

The Need for Speed

Reliability isn’t the only reason to invest in a set of quality providers with lightning speeds. Cloud solutions are more popular now than ever before. Accessing the cloud can be cumbersome and slow on old lines, dragging down a business’s productivity and accessibility. Think advanced technology, even in basic communication. Be sure to read reviews, check uptime ratings, and testimonials by companies of varying complexity and size.

Diversity and redundancy are absolute necessities in business infrastructure. Without it, connectivity can be lost in a blink, followed by huge amounts of revenue. It’s best to invest in an array of reputable providers — with their own proprietary systems and guarantees — and get creative when establishing the company’s disaster recovery plan.

Cloud Security: Not a One-Stop Shop

1Just about every tech commercial these days references “The Cloud” as the be-all, end-all solution to the world’s woes. Cloud is certainly powerful, flexible, reliable, and versatile, but it can also carry serious security risks. Security is the number one factor deterring companies from using a cloud system. However, sharing the security burden with the cloud provider reduces risk and allows a company to safely take advantage of cloud technology.

Insecure Situation

When using cloud infrastructure, the control of data may be lost or compromised to a degree. A third party possessing control over security, configuration, access, and more may provide cause for hesitation. Lack of security options in vendor cloud offerings could be of additional concern. These concerns are valid no matter what type of cloud setup is purchased or where data is housed. While cloud providers may build in some security protocols, the best defense is a multi-pronged approach to security taken by the company as it is implementing the cloud architecture.

Tailoring Security

Using multiple layers of security is the best tactic for cloud protection. These layers should include protection at the hardware level, virtual environment, and surrounding the application itself. At the bottom of the pyramid are basic tools like firewalls, provider isolation, and simple protection. Strong firewall rules are imperative for cloud systems. These foundational items are largely controlled by the cloud provider, though the user may have some input.

Using complex levels of protection such as virtual networking encryption, network firewalls, and port filters should be considered. While some of these tools exist on the provider’s side of the equation, many of them are controlled by the business.

Last, but not least, is the encryption on the disk partitions that surround the company’s environment, which falls in the lap of the implementing company. An overlay networking arrangement is of great use in the security equation when combined with site-to-site Internet Protocol security (IPsec) through virtual private network (VPN) tunnels. This setup protects from attacks on both provider and user sides and gives adequate control back to the business.

Security Is Everyone’s Problem

With the cloud provider and the business’s IT team both focused on security, a stronger solution is created. In addition, this tandem approach relieves the business of management overhead. More time and effort can be spent on handling the security of core applications rather than dealing with storage and server configuration and acquisition. The result is enhanced security from the inside out.

Cloud security must be a partnership between a company and its selected cloud provider. By isolating connections and locking down security through the cloud provider and the business, cloud security is improved. Building hybrid and multi-layer solutions into the cloud system allows cloud’s powerful technology to be used safely and effectively, facilitating business growth in a secure environment.