Modern organizations face a major operational challenge: managing their growing fleets of IoT devices. As IoT deployments are becoming increasing larger scale, automatic password rotation is becoming essential.
In fact, this was one of the main operational challenges mentioned in a recent survey we conducted among organizations managing IoT across various industries. Due to the time and costs associated with manual password rotation, a substantial portion of survey respondents stated that they don’t maintain or rotate passwords at all. In other words, they use the same password for every user for every device! This creates significant exposure to security breaches and causes compliance issues.
Due to the lack of automated password management tools for IoT devices – commonly found in the IT space – managing these devices at scale has become a business liability for organizations.
For organizations that need to maintain IoT deployments – sometimes across multiple and dispersed sites – password rotation automation is essential. At scale, the need for automation is further accentuated.
Consider a commercial airport that deploys IoT-enabled HVAC or video surveillance systems (CCTV) to optimize passenger and terminal operations. Infrequent password rotation increases the risk of a cyber-attack on a vulnerable IoT device, which could severely impact airport security and airside operations safety.
This risk is very real, because the procedure of changing default credentials was found to be one of the poorest implemented technical practices by airports using IoT technology (PMC survey, 2019).
Regardless of the industry, organizations typically maintain several types of IoT devices (e.g., video surveillance, access control, HVAC, elevators) – each with its own management system. Each device may have multiple users, and each user requires a dedicated password. Following password rotation best practice improves cyber resiliency, but is unrealistic in manually maintained large-scale IoT deployments.
By implementing robust, automated password rotation standards for IoT device fleets, organizations of all sizes can increase the efficiency of maintenance operations, ensure business continuity and improve overall cyber resiliency.
SecuriThings brings IT management standards and capabilities, such as password rotation and firmware upgrade, to the world of IoT. SecuriThings Enterprise is a dedicated IoTOps solution that helps organizations manage device operations at scale using data, analytics and automation.
For more information about how your organization can benefit from automated operations for IoT devices, click here.