Microsoft Azure: Keeping IoT Infrastructures Secure Presents Challenges

Connecting assets with other people and companies via multiple devices is becoming an increasingly common fact of life for individuals and organizations, but keeping Internet of Things (IoT) deployments truly secure presents multiple challenges, according to Microsoft Azure product and program managers.

IoT is “transforming businesses today” and providing organizations with many benefits, but a thorough evaluation of a company’s IoT infrastructure is significantly important to make sure they are secure, Arjmand Samuel, principal program manager for Azure IoT, said April 11 on an Advanced Analytics and IoT webinar.

“We’re going to have 30 billion devices connected to the cloud via the Internet by 2020,” Leandro Iwase, Azure senior product manager for cloud and enterprise, said, citing IDC data. New revenue and income streams will be created as a result of all that data that’s flowing through the cloud, he said.

But while connecting assets can deliver tangible results for organizations, it doesn’t come without risk, Iwase said. He pointed to the major hacker attack last year that compromised IoT-enabled devices to harm web sites of companies including Netflix, Spotify and Twitter in the U.S. and other countries. He also noted that a reporter at “The Atlantic” built a fake web toaster to test the vulnerability of IoT devices and that device was hacked within just an hour.

By 2020, more than 25% of identified hacking attacks within the enterprise sector will probably involve IoT devices, he went on to say, citing a projection by research company Gartner.

One thing that makes protecting IoT infrastructures so challenging is that they involve the “convergence of two worlds”: the digital world, represented by information technology (IT), and the physical world, represented by operational technology (OT), to form what’s known as the “system of systems,” he said. While the mission of IT is to design and maintain software, hardware and network resources to make sure they run securely and provide privacy, the mission of OT is to design and maintain machines that run reliably and safely, he explained.

Increasing security for IoT infrastructures requires organizations to evaluate their strategies on multiple fronts, by considering threats, reviewing the consequences, selecting evaluation strategies, and choosing a platform and partner to execute one’s strategy, Samuel said. He singled out the main threats relevant to IoT infrastructures: nefarious activity and abuse, “hijacking” of devices, outages, natural disasters, failure and malfunctions, and physical attacks.

The consequences of all those threats could impact companies, customers and infrastructures, Samuel noted. Companies could lose control and their data, and significant damage can be done to their brands, he said. Customers, meanwhile, can see their privacy compromised and their service disrupted, he said, adding infrastructure damage can include environmental damage and even “loss of life.”

When evaluating strategies, organizations are best served by building “defense in depth,” making use of as many layers of defense as possible, by using multiple computer security techniques, Samuel said.

Finding the right partner to execute IoT security solutions is key, he said, noting that Microsoft recently created a new security program for Azure IoT that connects customers with partners who are experts at evaluating an IoT infrastructure end to end.