Automating Password Rotation for IoT Devices
Maintaining ever-growing fleets of IoT devices is a critical operational challenge for modern organizations. One of the areas in which automated operations is sorely lacking is password rotation.
In fact, this was one of the main operational challenges mentioned in a recent survey we conducted among organizations managing IoT across various industries. Due to the time and costs associated with manual password rotation, a substantial portion of survey respondents stated that they don’t maintain or rotate passwords at all. In other words, they use the same password for every user for every device, increasing exposure to security breaches and creating compliance issues.
Due to the lack of automated password management tools for IoT devices – commonly found in the IT space – managing these devices at scale has become a business liability for organizations.
“Most organizations don’t maintain or rotate passwords at all”
(SecuriThings survey, 2020)
Why IoT Device Maintenance Requires Automation
For organizations that need to maintain IoT deployments – sometimes across multiple and dispersed sites – automated password rotation is essential. At scale, the need for automation is further accentuated.
Consider a commercial airport that deploys IoT-enabled HVAC or video surveillance systems (CCTV) to optimize passenger and terminal operations. Infrequent password rotation increases the risk of a cyber-attack on a vulnerable IoT device, which could severely impact airport security and airside operations safety. This risk is very real, because the procedure of changing default credentials was found to be one of the poorest implemented technical practices by airports using IoT technology (PMC survey, 2019).
Regardless of the industry, organizations typically maintain several types of IoT devices (e.g., video surveillance, access control, HVAC, elevators) – each with its own management system. Each device may have multiple users, and each user requires a dedicated password.
Enabling Password Rotation in a Cost-Effective Manner
Automated password rotation enables organizations to effortlessly update passwords for any number of devices or device groups, across multiple sites. Using a single password repository, automated password rotation tools ensure compliance with regulatory and organizational policies, allowing IoT and IT teams to protect organizational networks and assets in harmony. In addition, by eliminating tedious, manual device password updates, automated password rotation allows users to focus maintenance efforts on more challenging tasks.
Another important benefit of automated password rotation is reduced operational costs. The time, expense and resources required to manually update device passwords is prohibitive for IoT teams with limited personnel – especially at scale.
Boost Operational Efficiency and Cyber Resiliency
By implementing robust, automated password rotation standards for IoT device fleets, organizations of all sizes can increase the efficiency of maintenance operations, ensure business continuity and improve overall cyber resiliency.
SecuriThings Horizon brings IT management standards and capabilities, such as password rotation and firmware upgrade, to the world of IoT. Horizon is a dedicated IoTOps solution that helps organizations manage device operations at scale using data, analytics and automation.
For more information about how your organization can benefit from automated operations for IoT devices, click here.