Ensuring Security for IoT and Legacy Apps When the Cloud Isn’t an Option
Current projections suggest that organizations will continue to invest in their Internet of Things (IoT) environments over the next decade. According to MarketWatch, for instance, the global IoT market is expected to reach $1.5993 trillion by 2024 at a CAGR of 21.1%. This forecast reflects how organizations will continue to broaden their exploration of IoT, and to ensure the resilience of their IoT-based operations.
Time for a Reality Check
These days, a lot of focus is put on migration of services and infrastructure to the cloud. However, in the world of IoT, almost by definition it’s not always feasible for organizations to go beyond their own walls for solutions.
In addition, many organizations struggle with other apps and services that simply won’t work in a cloud environment. This point wasn’t lost on Information Security Buzz. The advent of cloud storage preceded the development of countless apps, the website wrote, which means that organizations didn’t create those apps—at least initially—to work with the cloud. As a result, some might be hesitant to migrate their apps over to a virtual environment. That might be the case if organizations are dealing with legacy apps, servers, and other enterprise assets that manage business-critical data.
Security is an issue, too. According to co-location provider vXchnge, public cloud providers do offer extensive security measures, but many of them make it difficult to actually use those defenses. The architecture of cloud implementations is very different from those in traditional networks and require a completely different skillset to manage security effectively.
Finally, financial costs might prevent organizations from migrating their apps to the cloud. Opensource.com shared one example where a utility company’s labor costs rose to an untenable height while it was in the process of moving its applications to the cloud. (After reevaluating its apps, the company found that some of its apps suffered from data ownership and compliance issues or lacked certification for use in the cloud.) The website also presented the example of a fictional travel company that expanded its hosting capacity to 40,000 servers. Traditional cloud pricing models aren’t feasible for organizations that consume such volumes of bandwidth, as they would need to expand more quickly and in bulk versus migrating a rack at a time.
IoT and Legacy Security Is Still Important
Organizations might not be able to migrate to the cloud for one reason or another, but that doesn’t mean they can overlook their IoT security. Not when digital criminals are getting so creative with their deployed IoT devices. For instance, The Business Journals discussed how malicious actors are “beachheading” peripheral devices by exploiting a vulnerability in a smart product and using it to infiltrate the corporate network. This isn’t anything new; attackers have been doing this for decades with printers and fax machines. The difference is that many IoT devices – new and old – lack necessary security features, thus opening even more avenues by which malicious actors might seek to establish a foothold in the network.
Acknowledging all these challenges, some organizations might not be able to use a cloud-based tool and might instead need an on-premises solution to address their IoT security needs. That’s where Sentinel can help. Our Managed Network Detection & Response (MNDR) solution helps organizations achieve visibility over their network not with the help of a SIEM or another endpoint agent, but with network tools monitored by a team of experts. Those individuals monitor the network for critical security events 24/7, which puts them in a position to troubleshoot issues and provide support quickly. The MNDR service also leverages real-time notifications, enriched threat intelligence data, and passive logging for threat hunting.
Learn more about how Sentinel can keep your IoT environment safe.
Ted has worked with network security and web technologies for almost 30 years, beginning his career as a full-stack web engineer and transitioning to network security. He now guides Nomic and its supporting initiatives, including CINS Active Threat Intelligence.