The rise of remote work is creating new challenges for enterprises at every level, especially when it comes to technology management and enablement. As more people shift to work-from-home environments, the need for proactive IT controls becomes increasingly difficult to ignore.
The use of remote access channels can expand an organization's attack surface, as every device connected to the central network can be used to launch malware, ransomware and brute-force attacks. Companies that have integrated internet-of-things technologies are even more susceptible - IoT-focused attacks surged 300% in 2019, according to research from the cybersecurity firm F-Secure - especially when employees are allowed to use their personal computers to access business applications and sensitive information. As IT administrators look for new ways to protect critical assets and data, many are questioning whether zero trust security frameworks are the next step in IoT management.
How zero trust improves IoT security
Zero trust security is a strict IT framework that requires every device attempting to connect to a private network to verify its identity, according to the web-infrastructure company Cloudflare. These access controls are applied to users regardless of whether they're working in an office or connecting to the network remotely. The idea is that IT administrators can use zero trust methodologies to prevent any device (no matter how harmless it may seem) from gaining automatic access to enterprise networks.
In environments that rely on a web of IoT devices, however, limiting access comes with its own operational constraints. For one, imposing strict verification guidelines can reduce the speed at which data travels from one device to the next. This can be a major disadvantage for job sites that integrate their IoT sensors with real-time monitoring tools, such as manufacturing plants, energy distribution stations and telecommunication hubs. That said, the potential consequences of poor cybersecurity far outweigh the limitations imposed by a zero trust framework.
Cybercrime is one of the biggest threats to businesses across industry lines and is a key contributor to widespread adoption of zero trust policies. According to the National Technology Security Coalition's Cyber Security Report 2020, the growing use of IoT devices will "increase networks' vulnerability to large-scale, multi-vector Gen V cyber attacks." This, paired with subpar device-level security controls, make IoT the weak link in many organizations' cybersecurity programs. Another issue is that it can be difficult to maintain visibility over IoT devices without a centralized management platform. Of course, the oversaturation of the cloud services market has provided more options than companies can realistically compare.
In terms of integrating a zero trust framework, Cloudfare points to three key practices and technologies that are vital to any organization's success:
To prevent costly data breaches and cyberattacks, companies must control access for individual users and devices at scale. Considering 152,200 new IoT devices will be connected to the internet every minute by the year 2025, according to estimates from IDC, it's crucial to develop a forward-looking cybersecurity program that addresses both current and future risks.
Zero trust security implementation tips
Beyond limiting automatic access for users and workstations, organizations must also create a "zero trust ecosystem" that can identify and control "non-user devices," according to TechRadar. Non-user devices include network routers, environmental sensors, IoT appliances and other pieces of equipment that do not have dedicated users, or don't require consistent human intervention. When creating a zero trust framework, IT administrators should use an "agentless device visibility and a network monitoring solution" that is compatible with IoT and OT devices. When combined with real-time data collection and analysis tools, these monitoring solutions can provide a holistic view of network access, traffic flow and device usage that will help inform zero trust policies and architecture. When implementing such a system, organizations must also address what infosec expert and Threatpost contributor Tony Kueh calls the "five pillars of zero trust security:"
Perle offers powerful connectivity tools that can help organizations maximize their network security and develop a zero trust framework. Our industrial-grade Ethernet switches and console servers are designed for big data environments that depend on the uninterrupted flow of data. Read some of our customer stories to find out more.