Living on the Edge: IT’s Role in Managing IoT Physical Security Devices
The IT department plays an essential role in evaluating and installing the proper hardware and software necessary to keep the enterprise network functioning properly. While once upon a time, this role focused mainly on office hardware and software applications, today IT must be involved with physical security IoT devices as well.
Enterprise security IoT devices – such as access control systems and video surveillance – have come a long way from their analog grandparents. Today’s advanced Internet-enabled devices reside on the corporate network and are just as integral to business continuity as standard IT devices. As a result, IT departments have seen their roles expanded and are now required to be more involved than ever in an organization’s physical access control decisions and implementation. According to a survey by HID Global, 55% of companies named IT as responsible for physical access control within their organization, and 76% expect IT to make future technology decisions about physical security necessary to protect employees, visitors, and assets from internal and external threats.
This is no small order.
The average enterprise could easily have thousands or even tens of thousands of IoT physical security devices across multiple buildings and geographical locations. To effectively manage these devices, ongoing daily maintenance is required, often on a manual device-by-device basis. The sheer volume of work and costs involved in achieving this manually presents a real challenge to IT, who are still using legacy processes for operational management. These manual, legacy processes are error-prone and often result in issues with device uptime, security and compliance.
Physical Security IoT Devices: An IT Challenge
Without continuous management, IT has minimal visibility into these physical security IoT devices once they are deployed, resulting in a significant operational challenge: How to protect IoT devices as an IT security person? Are the devices working as expected? Are their firmware versions up to date? Are they secure? Are they in compliance with the organization’s policy and industry standards? How can these devices be operationally managed if they are not within the standard IT protocols? These are the questions keeping IT professionals up at night.
The specific challenges:
Availability and uptime: It could take days or even months to detect a problem with a device, exposing the organization to significant risk. Even when a problem is detected, teams cannot easily identify the root cause of the problem without dispatching a technician to check the issue. This lack of visibility can lead to unavailable devices, frequent disconnections, missing recordings, and critical data loss.
Security: Company security policies for other IT devices may include automated password rotation schedules, firmware upgrades, and certificate management — but these standards are not in place for physical security IoT devices, leaving them vulnerable and posing a risk to the organization’s network. According to IDG’s State of the Network Survey for 2020, 77% of organizations associate edge computing with security concerns, yet research shows that 48% of businesses are unable to detect IoT security breaches on their network. Forrester underscores this research with its survey that states that 57% of IoT devices are vulnerable to medium/high severity attacks but 84% of organizations don’t have adequate visibility into their IoT devices. When hackers breach IoT devices, they can easily shut them down, steal company data, delete recording files, or use the devices as a pivot to reach the broader network and tap into other critical assets. This creates a significant challenge in managing networks of IoT, for IT security teams.
Compliance: Without a complete view of deployed devices and their statuses, IT teams lack measurable and trackable compliance standards, which can lead to gaps in security protocols, vulnerabilities, communication bottlenecks, and difficulties with device management. Lack of compliance can result in fines for violations of industry regulations, denial of insurance claims, and reputational damage.
Clearly, there is a gap that must be filled.
Solution: Eyes on IoT physical security devices
SecuriThings Horizon is a software-only solution that can ease IT’s fears by introducing the concept of IoTOps — a set of practices that enables organizations to manage IoT devices in a consolidated, automated and secure manner, no matter how large or geographically dispersed the fleet may be.
Horizon enables organizations to manage IoT devices at scale, while providing real-time visibility and control. Horizon standardizes the operational management of devices, empowering teams to ensure compliance and improve the cyber security posture of their IoT environments. Once deployed, the solution provides automated operations, risk detection with alerts, and predictive maintenance.
A standardized way to operationally manage IoT devices
IT is becoming a key player in the operational management of IoT devices, and a unified view into the IoT ecosystem is necessary to close the gap for organization’s physical security assets.