Automatic Password Rotation for IoT Devices
Modern organizations face a major operational challenge: managing their growing fleets of IoT devices. As IoT deployments grow increasingly large, automatic password rotation is becoming essential.
In fact, this was one of the main operational challenges mentioned in a recent survey we conducted among organizations managing IoT across various industries. Due to the time and costs associated with manual password rotation, a substantial portion of survey respondents stated that they don’t maintain or rotate passwords at all. In other words, they use the same password for every user for every device! This creates significant exposure to security breaches and causes compliance issues.
Because IoT devices lack the automated password management tools commonly found in the IT space, managing these devices at scale has become a business liability for organizations.
“Most organizations don’t maintain or rotate passwords at all”
(SecuriThings survey, 2020)
Why Password Rotation Automation is Essential in IoT
For organizations that need to maintain IoT deployments – sometimes across multiple and dispersed sites – password rotation automation is essential. At scale, the need for automation is further accentuated.
Consider a commercial airport that deploys IoT-enabled HVAC or video surveillance systems (CCTV) to optimize passenger and terminal operations. Infrequent password rotation increases the risk of a cyber-attack on a vulnerable IoT device, which could severely impact airport security and airside operations safety.
This risk is very real, because the procedure of changing default credentials was found to be one of the most poorly implemented technical practices by airports using IoT technology (PMC survey, 2019).
Regardless of the industry, organizations typically maintain several types of IoT devices (e.g., video surveillance, access control, HVAC, elevators) – each with its own management system. Each device may have multiple users, and each user requires a dedicated password. Following password rotation best practice improves cyber resiliency, but is unrealistic in manually maintained large-scale IoT deployments.
Benefits of Automatic Password Rotation
- Automatic password rotation enables organizations to effortlessly update passwords for any number of devices or device groups, across multiple sites.
- Using a single password repository, automated password rotation tools ensure compliance with regulatory and organizational policies, allowing IoT and IT teams to protect organizational networks and assets in harmony.
- Eliminating tedious, manual device password updates and introducing automatic password rotation allows users to focus maintenance efforts on more challenging tasks.
- Password rotation automation reduces operational costs. The time, expense and resources required to manually update device passwords are prohibitive for IoT teams with limited personnel – especially at scale.
Boost Operational Efficiency and Cyber Resiliency with SecuriThings Horizon
By implementing robust, automated password rotation standards for IoT device fleets, organizations of all sizes can increase the efficiency of maintenance operations, ensure business continuity and improve overall cyber resiliency.
SecuriThings Horizon brings IT management standards and capabilities, such as password rotation and firmware upgrade, to the world of IoT. Horizon is a dedicated IoTOps solution that helps organizations manage device operations at scale using data, analytics and automation.