Intelligent CISO Issue 22 | Page 41

EXPERT OPINION

Protecting the IoT-driven network – a multi-stage approach

Simon Wilson, CTO HPE Aruba UK and Ireland, gives us invaluable advice on deploying a multi-stage strategy to ensure protection of vulnerable IoT-driven networks.

The Internet of Things (IoT) is more than just the next stage in technical development. For many businesses it represents a valuable source of data which can be used to gain new insight into processes, operations and customer activity. Offering the potential to spot and fix inefficiencies, identify new revenue streams and much more, it has real economic potential for those who are able to correctly develop, network and generate an investment return.

However, crucial to the realisation of this potential is security. As the breadth and complexity of devices on the network continues to grow at a staggering rate, many organisations are struggling to secure this rapidly expanding attack surface. If they are unable to get a handle on the situation, then it will prove difficult to tap into the efficiencies and outcomes which make any IoT investment worthwhile.

Of course, this isn’t the first time IT teams have faced a device-based security challenge – the rise of BYOD and remote working both introduced an influx of mobile devices into the business environment for IT to deal with. And the way we got through it then is the same as we will now – by taking three simple steps to ensure a secured network.

Step one: Start with visibility

Put simply, you can’t secure what you can’t see. Before you can take any other steps, it’s crucial that you are able to accurately map what devices are connected to your network, who is operating them, and how and why they’re connecting to your network.

As well as getting a handle on your own ‘official’ devices, shadow IoT – whereby staff connect devices to the network without informing IT teams or taking necessary precautions – is also something you have to consider.

Traditionally, identification has been fairly straightforward – IT teams worked against a narrow set of devices using well-practised techniques and then employed profiling to say what each person or device should or shouldn’t be allowed to do on the network. But with many of today’s devices built with generic hardware and software, or coming from emerging vendors who don’t follow standards, discovery, profiling and identification is proving