Original Post from Microsoft Secure
Author: Todd VanderArk
Businesses across industries are placing bigger and bigger bets on the Internet of Things (IoT) as they look to unlock valuable business opportunities. But time and time again, as I meet with device manufacturers and businesses considering IoT deployments, there are concerns over the complexity of IoT security and its associated risks—to the company, its brands, and its customers. With the growing number and increased severity of IoT attacks, these organizations have good reason to be cautious. With certainty, we can predict that the security vulnerabilities and requirements of IoT environments will continue to evolve, making them difficult to frame and address. It’s complex work to clearly define a security strategy for emerging technologies like IoT. To compound the challenge, there’s a record-setting 3-million-person shortage of cybersecurity pros globally. This massive talent shortage is causing the overextension of security teams, leaving organizations without coverage for new IoT deployments.
Despite the risks that come with IoT and the strain on security teams during the talent shortage, the potential of IoT is too valuable to ignore or postpone. Decision makers evaluating how to pursue both IoT innovation and security don’t need to steal from one to feed the other. It isn’t a binary choice. There is a way to augment existing security teams and resources, even amidst the talent shortage. Trustworthy solutions can help organizations meet the ongoing security needs of IoT without diminishing opportunity for innovation.
As organizations reach the limit of their available resources, the key to success becomes differentiating between the core activities that require specific organizational knowledge and the functional practices that are common across all organizations.
Utilize your security teams to focus on core activities, such as defining secure product experiences and building strategies for reducing risk at the app level. This kind of critical thinking and creative problem solving is where your security teams deliver the greatest value to the business—this is where their focus should be.
Establishing reliable functional practices is critical to ensure that your IoT deployment can meet the challenges of today’s threat landscape. You can outsource functional practices to qualified partners or vendors to gain access to security expertise that will multiply your team’s effectiveness and quickly ramp up your IoT operations with far less risk.
When considering partners and vendors, find solutions that deliver these essential capabilities:
Holistic security design—IoT device security is difficult. To do it properly requires the expertise to stitch hardware, software, and services into gap-free security systems. A pre-integrated, off-the-shelf solution is likely more cost-effective and more secure than a proprietary solution, and it allows you to leverage the expertise of functional security experts that work across organizations and have a bird’s-eye view of security needs and threats.
Threat mitigation—To maintain device security over time, ongoing security expertise is needed to identify threats and develop device updates to mitigate new threats as they emerge. This isn’t a part-time job. It requires dedicated resources immersed in the threat landscape and who can rapidly implement mitigation strategies. Attackers are creative and determined, the effort to stop them needs to be appropriately matched.
Update deployment—Without the right infrastructure and dedicated operational hygiene, organizations commonly postpone or deprioritize security updates. Look for providers that streamline or automate the delivery and deployment of updates. Because zero-day attacks require quick action, the ability to update a global fleet of devices in hours is a must.
When you build your IoT deployment on a secure platform, you can transform the way you do business: reduce costs, streamline operations, light up new business models, and deliver more value to your customers. We believe security is the foundation for lasting innovation that will continue to deliver value to your business and customers long into the future. With this in mind, we designed Microsoft Azure Sphere as a secured platform on which you can confidently build and deploy your IoT environment.
Azure Sphere is an end-to-end solution for securely connecting existing equipment and creating new IoT devices with built-in security. Azure Sphere’s integrated security spans hardware, software, and cloud, and delivers active security by default with ongoing OS and security updates that put the power of Microsoft’s expertise to work for you every day.
With Azure Sphere, you can design and create innately secured IoT devices, as well as securely connect your existing mission-critical equipment. Connecting equipment for the first time can introduce incredible value to the business—as long as security is in place.
Through a partnership with Azure Sphere, Starbucks is connecting essential coffee equipment in stores around the globe for the first time. The secured IoT implementation is helping Starbucks improve their customer experience, realize operational efficiency, and drive cost savings. To see how they accomplished this, watch the session I held with Jeff Wile, Starbucks CIO of Digital Customer and Retail Technology, at Microsoft Ignite 2019.
With a secured platform for IoT devices, imagination is the only limit to what innovation can achieve. I encourage you to read Secure your IoT deployment during the security talent shortage to learn more about how you can build comprehensive, defense-in-depth security for your IoT initiatives, so you can focus on what you’re in business to do.
A comprehensive IoT security solution—including hardware, OS, and cloud components—to help you innovate with confidence.
The post How to secure your IoT deployment during the security talent shortage appeared first on Microsoft Security.
Go to Source
Author: Todd VanderArk