Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

When the IoT Comes to the Office

Do You Have a Security Policy for “IoT” Gadgetry in the Office?

Do You Have a Security Policy for “IoT” Gadgetry in the Office?

It’s the first work week of the year, and for many of us that means hauling in some new gear into the office. Santa continues to bring more widgets and gizmos, and some of that stuff comes to the office with you. I think this is as good a time as any to think about the Internet of Things (IoT) and what it means for your CISO.

We’ve had an Amazon Echo at my house for a while now, since I couldn’t help myself but get on the early adopters list long ago. Truth be told, I love it. Alexa tells me the weather, keeps the twins’ Raffi albums close at hand, and reminds me to buy milk. But since my daughter has discovered her inner spider monkey, she likes to climb up on the cabinet where Alexa lives and likes to talk to her… and pull on the power cable. Also, she once turned the volume up all the way so that when I asked Alexa the weather at 6:30 a.m. I woke up the entire house…whoops. So long story short, Alexa has been unplugged, and I thought … why not take it to the office?

IoT Devices in the EnterpriseHere’s the issue — Echo is “always listening” so there’s that question of how welcome she would be in my office where confidential and highly sensitive conversations are a-plenty. Furthermore, Echo streams music and would need my credentials to get wireless network access. I suppose I could just use my personal Wi-Fi hotspot, but that seems like a waste. In case you’re wondering, I opted to not test my CISO’s good will, and Alexa will just have to live with my twins’ abuse.

But on a serious note — how many things are showing up at the office this week that are an always-on conduit to your network from some external third party you really shouldn’t be trusting? Watches, streaming media widgets, phones, tablets and a whole host of other things are likely making their way into the office right now. You probably have a BYOD policy, but do you have an IoT policy? BYOD policies are meant to address your mobile handsets, tablets and personal laptops, but who’s addressing all the other gadgetry?

Now is a great time to start to think about policy and procedure for the inevitable. As everything imaginable starts to ask for an IP address from your network, make sure you watch ingress and egress points and terminate encryption so you can properly inspect all traffic. What is your policy for things like the Amazon Echo, on your corporate network? Would your network even notice if one of these devices showed up, plugged in and pulled an IP address? Then what?

Enjoy those new gadgets folks, but remember, practice safe computing!

Learn More at SecurityWeek’s CISO Forum at Half Moon Bay

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...