TECH TALK
Step One: Start with visibility
Put simply, you can’t secure what you can’t
see. Before you can take any other steps, it’s
crucial that you are able to accurately map
what devices are connected to your network,
who is operating them and how and why
they’re connecting to your network. As well
as getting a handle on your own ‘official’
devices, shadow IoT – whereby staff connect
devices to the network without informing IT
teams or taking necessary precautions – is
also something you have to consider.
Traditionally, identification has been fairly
straightforward – IT teams worked against
a narrow set of devices using well practised
techniques and then employed profiling to
say what each person or device should or
shouldn’t be allowed to do on the network.
But with many of today’s devices built
with generic hardware and software, or
coming from emerging vendors that don’t
follow standards, discovery, profiling and
identification are proving more and more
challenging. And if you can’t figure out what
something is in order to label it good or bad,
how can you create a reliable profile and
keep operations moving?
The answer is to increase our focus on
context and Machine Learning. If we can’t
rely on being able to identify exactly what
is using our network, we need to look at
the behaviour of the device instead. In
many scenarios, a combination of what
protocols a device is using and what data,
applications or URLs it is accessing is the
only way to build up an accurate picture of
what the device actually is and whether the
device is malicious.
Step Two: Build in Artificial Intelligence (AI) to enforce policy automatically
AI is also important in the next stage of
securing IoT – enforcing policy. Today’s IT
teams need closed-loop, end-to-end
access control from the moment a device
joins the network.
Given the sheer quantities of IoT devices,
however, manual intervention is no longer
practical. IoT devices are likely to be
operating around the clock, or with some
devices connecting at non-specific times
to carry out a task before returning to
sleep mode.
If a heart monitor on ward B begins to
transmit its data to a network across the
country at 3am, the reality is that a manual
monitoring process is highly unlikely to catch
the transfer in time for the device to be
quarantined and investigated.
Instead, deploying AI allows teams to
develop policies that leverage context, such
as the user role, device type, certificate
status and location or day of week, to
make quick and accurate decisions each
and every time. When an IoT device joins
www.intelligentcio.com
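The behaviour-plus-context decision described above, sketched as an added example that is not from the article: a per-device baseline of protocols and destination networks is combined with two of the context attributes it lists (certificate status and location) to allow, quarantine or deny a flow. Simple set membership stands in for the Machine Learning profiling, and every field name, protocol label and address below is constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class Baseline:
    """What one device normally does, learned from observed flows."""
    protocols: set = field(default_factory=set)
    networks: set = field(default_factory=set)

    def learn(self, flow):
        self.protocols.add(flow["proto"])
        # Generalise each destination to its /24 (an assumption of this sketch).
        self.networks.add(ip_network(flow["dst"] + "/24", strict=False))

    def deviations(self, flow):
        found = []
        if flow["proto"] not in self.protocols:
            found.append("new protocol " + flow["proto"])
        if not any(ip_address(flow["dst"]) in net for net in self.networks):
            found.append("new destination " + flow["dst"])
        return found


def decide(context, baseline, flow):
    """Combine static context with behaviour; return (action, reasons)."""
    if context["cert_status"] != "valid":
        return "deny", ["certificate " + context["cert_status"]]
    if flow["seen_at"] != context["location"]:
        return "quarantine", ["seen at " + flow["seen_at"]]
    reasons = baseline.deviations(flow)
    return ("quarantine" if reasons else "allow"), reasons


# Constructed sample data: a heart monitor registered to ward B.
CONTEXT = {"location": "ward-b", "cert_status": "valid"}
TRAINING = [
    {"proto": "hl7", "dst": "10.20.0.5", "seen_at": "ward-b"},
    {"proto": "ntp", "dst": "10.20.0.9", "seen_at": "ward-b"},
]
# The 3am transfer: usual protocol and port of entry, unfamiliar remote network.
ODD_FLOW = {"proto": "hl7", "dst": "203.0.113.40", "seen_at": "ward-b"}


def build_baseline(flows=TRAINING):
    baseline = Baseline()
    for flow in flows:
        baseline.learn(flow)
    return baseline


if __name__ == "__main__":
    print(decide(CONTEXT, build_baseline(), ODD_FLOW))
```

Time of day is deliberately not a signal here: a device that operates around the clock looks normal at 3am, and it is the unfamiliar destination that triggers quarantine.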