The IoT Conundrum

Employees working remotely improves performance. But at what cost?

One of the major revelations that came out of last year’s rash of data breaches was that, as Information Age says, “There is a greater acceptance of the fact that attacks will happen.”

This sounds obvious. Only, it’s not.

For years, executives have tried to assuage concerned CEOs, board members, and stockholders with promises of a magic bullet that prevents breaches. We now know this simply is not possible. Because in addition to criminals becoming more prodigious, the ways in which employees perform their jobs—the IoT workplace, if you will—has also grown, complicating security.

Solutions, in turn, have evolved from aspirational to practical. Instead of fooling themselves into thinking they can preempt hackers, security-ops teams are turning to predictive forensics to catch thieves early in the act.

Right now, there is simply too much data to protect, too many endpoints to be compromised. Which is why behavioral analytics has exploded in popularity. It makes sense to concurrently study users, machines, and files—rather than to create a set of rigid parameters around each of them.

It’s also exposed the need to find an analytics platform that approaches data in at least two ways. Use machine learning to study existing data multi-dimensionally. And scale to an enterprise’s expanding data needs.

Graphic courtesy of IDG Enterprise

“IoT represents a huge potential attack surface for cyber criminals,” writes ITwire. “They simply cannot support sophisticated security software on the device…they are spread across large areas with little hope of physical management.”

IDG Enterprise recently published a study that maps out the many ways employees work remotely, along with which security concerns arise from them. The report finds that 63% of workers rely on laptops (with one in 10 stolen), 48% on smartphones, and 21% on tablets. Meanwhile, 79% of them emphasize that accessing networks outside of work hours is essential to their productivity.

Monitoring this activity has exceeded human ability. IT teams, security architects, and CISOs are still integral to designing, maintaining, and challenging security strategies. But we now need them to devise IoT best practices and work with HR to educate employees about negligence. Meanwhile, it’s just as important for them to think of analytics as tactical and not technical—investing in a platform, or augmenting their existing one (such as a SIEM), that secures both the data and the device.