• Home
  • Blog
  • Scalable Security for IoT Deployments: Privileged and Permissioned
Scalable Security for IoT Deployments: Privileged and Permissioned

Scalable Security for IoT Deployments: Privileged and Permissioned

Feb 15, 2019 / Kron

IoT and Industrial IoT present the greatest network, data and application security challenges in recent history.

In fact, some experts believe that the business potential for the connected world is being held back due to security concerns, and rightfully so.

What’s holding IT, OT and network operations teams from large implementations, whether smart buildings or smart factories, smart campuses or smart cities, is fear of attacks and security breaches.

In a survey about IoT security published earlier this year, researchers found that 97 percent of respondents believe unsecured IoT devices could be catastrophic for their organization.

For those who had implemented IoT technologies, only 29 percent reported actively monitoring connected endpoints and systems for related third-party risks.

The Ponemon Institute, an independent research firm focused on privacy, data protection, and information security policy, and the Shared Assessments Program, the industry-standard body on third-party risk assurance, published The Internet of Things (IoT): A New Era of Third-Party Risk, confirming what many CIOs already believe: that we’re still early and that there are clear and present dangers when security is not implemented properly.

Real world cyber-attacks against the IoT has heightened awareness over the last few years. Here are a few examples of the most well-known attacks:

  1. In the US, IoT devices were turned into BOTS, and then controlled and used to participate in a DDoS (Distributed Denial of Service) attack like the one that targeted Dyn, bringing down Netflix, Twitter, Amazon, AirBnb, CNN and the New York Times.
  2. In Germany, a steel mill was the target of a cyberattack, when hackers successfully took control of the production software and caused significant material damage to the site.
  3. In Ukraine, an entire power grid was taken offline, impacting 86,000 homes.
  4. In Dallas, Texas, 156 tornado alarms were hacked, and continued to go off in repeating 90-second cycles, causing panic and fear of WWIII.
  5. In the UK and elsewhere, hospital devices were hit with ransomware, causing a state of emergency to be declared, because the hospitals were unable to continue critical services.

It’s no wonder those responsible for enterprise networks, applications, and sensitive data are slow to roll with large IoT deployments, despite their business logic including cost savings, more competitive offerings, more efficient supply chains, and stronger bottom lines.

They’ve spent the last few decades trying to keep up with threats to their basic infrastructure – servers, networks, phone systems, and clouds, putting into place Identity Access Management and Privileged Access Management Systems, to control who has access, or the ability to access, from what devices to the infrastructure, and what level of access they have.

“Today, the IoT is not confined within an organization’s typical control boundary, as the connected infrastructure has moved far beyond those control lines,” the 2017 Verizon Data Breach Digest report said, calling out enterprise IoT saying, “These devices exist virtually everywhere, are available anytime, and are on a variety of platforms. This must prompt organizations to think about IoT threat modeling in a manner that incorporates security and privacy by design.”

To secure these and more modern devices, Gartner noted that privileged access management (PAM) is essential for ensuring IoT networks cannot be hacked, but with the increased number of endpoint devices due to IoT, the demands on PAM are becoming much more distributed, complicated and expensive.

PAM helps to manage the people and the hundreds of thousands of “things” that are connected to a network, and is already in place in most large enterprises today.

As noted by Gartner, however, PAM for IoT is substantially different from traditional PAM. Security specialists must treat PAM for IoT as a specialized domain and not simply as an extension of traditional PAM, because there are huge differences when it comes to securing a variety of IoT devices, supported on over nearly 500 different IoT platforms.

There is no one single security tool/solution for IoT, as is the case with traditional IT and OT.

Traditional security solution approaches are not the only option.

There are and will be privileged accounts for IoT end devices, gateways and servers that are used by humans and applications.

When considering PAM for IoT and not just core IT infrastructure and networking, scalability is a major concern, which is why Kron knows our carrier grade solution is much more scalable, compared to more traditional PAM providers.

To learn more about how Kron’s PAM solutions can secure IoT and IIoT deployments, contact us.

Author: Ilyas Apaydin

Highlights

Enhancing Cybersecurity with AI-Powered Privileged Access Management

Enhancing Cybersecurity with AI-Powered Privileged Access Management

Mar 20, 2024
Reducing Cyber Insurance Costs with Kron PAM: A Smart Move for Businesses

Reducing Cyber Insurance Costs with Kron PAM: A Smart Move for Businesses

Apr 18, 2024
Unlocking Efficiency: The Strategic Advantages of SaaS PAM in Business

Unlocking Efficiency: The Strategic Advantages of SaaS PAM in Business

May 06, 2024
UK’s Telecommunications Security Act (TSA) Code of Practice

UK’s Telecommunications Security Act (TSA) Code of Practice

May 09, 2024
Exploring PAM Deployment Options and Choosing Between SaaS and On-Premise Solutions

Exploring PAM Deployment Options and Choosing Between SaaS and On-Premise Solutions

May 16, 2024
Elevating Privileged Access Management with Kron PAM and Microsoft Entra ID Integration

Elevating Privileged Access Management with Kron PAM and Microsoft Entra ID Integration

May 23, 2024
Enhancing Security with Kron PAM's Multitenancy: A Game-Changer for Large Organizations

Enhancing Security with Kron PAM's Multitenancy: A Game-Changer for Large Organizations

Jun 10, 2024
Safeguarding Your Business from Misuse of AI with Kron PAM

Safeguarding Your Business from Misuse of AI with Kron PAM

Jun 24, 2024

Other Blogs

Blog
Ransomware Attacks Are Increasing

Ransomware Attacks Are Increasing

May 23, 2021 Read More

Blog
Cybersecurity in the Energy Sector

Cybersecurity in the Energy Sector

Jul 25, 2021 Read More

Blog
Best Alternative to Cisco ACS

Best Alternative to Cisco ACS

Jul 10, 2022 Read More

Blog
Cyber Attacks Threatening the Healthcare Industry

Cyberattacks Threatening the Healthcare Industry

Mar 21, 2021 Read More

Blog
Cyber Threats Keep Challenging the Healthcare Industry

Cyber Threats Keep Challenging the Healthcare Industry

Jul 11, 2023 Read More

Blog
What is Network Performance Monitoring? How Does It Work?

What is Network Performance Monitoring? How Does It Work?

May 09, 2023 Read More

Contact Us

Contact us to learn more about Kron Technologies' telecom and cybersecurity products.