With CES a staple in the tech calendar for as long as I can remember, January always heralds the launch of some of the best and at times most bizarre devices of the year. And despite its virtual setting, this year’s show has delivered no differently.
Indeed, products “on display” at the 2021 conference included a furry anxiety robot, a home gardening machine and smart perfume – all of which are either already available to buy or reportedly will be later this year. Good news for all the consumers who are eager to take them home and plug them into their network.
Of course, normally this wouldn’t represent any kind of problem for business leads and their IT teams – you can watch the launches with curiosity and consider each device’s merits as a consumer would. Except this isn’t a normal year – and now it very much could be a problem.
According to Trend Micro research, more than half (52%) of global remote workers have IoT devices connected to their home network and at least 10% are using lesser-known brands. With many such devices – especially from smaller brands – having well-documented weaknesses such as unpatched firmware vulnerabilities and insecure logins, the security implications of your corporate devices now being connected to the same network and vice versa are significant.
While I am certainly not casting any aspersions on this specific crop of CES gadgets, as the lines between work and home networks continue to blur, smart home devices and their apps could represent a major weak link in corporate cybersecurity chains.
So with home working likely to remain standard practice even after the vaccine rolls out, how can you ensure your business is secure no matter where, how and what employees connect to it? And perhaps more importantly, how can you do so in a way that protects employee productivity versus simply locking them out?
Identification – The only way to police access to your corporate network is to know what devices are trying to connect to it (either by name or behaviour), who is operating them and how and why they need to connect. With these details to hand and the right security solution in place, you can differentiate the type of access you grant according to device or user group – full access, access to certain resource only, no access at all.
Visibility – Of course, in order to identify and segment all the devices accessing it, the network must first be able to see them. But with networks now extending across home, branch and cloud environments the picture most companies have today is fragmented at best. And this is only likely to get worse when hybrid working has employees constantly moving in and out of the office. That is why unifying your network infrastructure to ensure a single-pane-of-glass view is such an important step. After all, you can have the smartest technologies running on your network, but if they aren’t seeing the full picture then they can’t function 100% effectively and you’re still leaving yourself open to dangers.
Automation – Even with all this visibility, the sheer volume of devices now connecting to the network makes manual intervention to enforce any access policies practically impossible. Many IoT devices are operating around the clock and have the potential to “go bad” at any time – regardless of whether it is during work hours or not.
With AI you can develop policies that leverage context, such as the user role, device type and location to make quick, accurate and automated decisions about how to react to anything out of the ordinary. That means that when an IoT device joins a network or starts to act suspiciously, it can be automatically quarantined (to borrow a topical word), keeping the rest of your corporate traffic separate and secure.
As we head deeper into 2021, security requirements might be getting more sophisticated, but so are the solutions available to meet them. We know hybrid working is coming, so why not take the time now to get your security prepared for everything this will mean.
By setting up comprehensive visibility as an essential foundation and then building machine learning and artificial intelligence on top, your business can stay one step ahead of and reduce the threat of the home-connected IoT device – and much more besides.
By Jacob Chacko, Regional Business Head – Middle East, Saudi & South Africa (MESA) at HPE Aruba