• Latest
  • Trending
Why Businesses Can’t Afford Anything Less Than Zero Trust in IoT

Why Businesses Can’t Afford Anything Less Than Zero Trust in IoT

June 24, 2022
Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023
How Your Storage System Will Still Be Viable in 5 Years’ Time?

How Your Storage System Will Still Be Viable in 5 Years’ Time?

February 20, 2023
The Broken Promises From Cybersecurity Vendors

Cloud Infrastructure Used By WIP26 For Espionage Attacks on Telcos

February 20, 2023
Instagram and Facebook to get paid-for verification

Instagram and Facebook to get paid-for verification

February 20, 2023
YouTube CEO Susan Wojcicki steps down after nine years

YouTube CEO Susan Wojcicki steps down after nine years

February 20, 2023
Inaugural AfCFTA Conference on Women and Youth in Trade

Inaugural AfCFTA Conference on Women and Youth in Trade

September 6, 2022
Instagram fined €405m over children’s data privacy

Instagram fined €405m over children’s data privacy

September 6, 2022
8 Most Common Causes of a Data Breach

5.7bn data entries found exposed on Chinese VPN

August 18, 2022
Fibre optic interconnection linking Cameroon and Congo now operational

Fibre optic interconnection linking Cameroon and Congo now operational

July 15, 2022
Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

Ericsson and MTN Rwandacell Discuss their Long-Term Partnership

July 15, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Friday, 31 March, 2023
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

Why Businesses Can’t Afford Anything Less Than Zero Trust in IoT

by ITECHNEWS
June 24, 2022
in Leading Stories, Opinion
0 0
0
Why Businesses Can’t Afford Anything Less Than Zero Trust in IoT

YOU MAY ALSO LIKE

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Data Leak Hits Thousands of NHS Workers

The IoT Landscape and Threats

Considering the inherent insecurity of connected devices, the threats facing organizations today often involve weakly-defended IoT equipment as the first line of attack. This is especially alarming as 94% of CIOs acknowledge someserious threat to their environment within the next year.

A snapshot of those concerns reveal:

  • Nearly half of CIOs see breaches as their biggest organizational risk
  • 39% see malware and ransomware as their biggest risk
  • 27% say resilience is a top three priority
  • 68% of IT and security professionals plan to use zero trust for device security; 42% actually do

Some risks specifically affecting IoT include:

  1. Built-in vulnerabilities: IoT devices are often shipped specifically for consumer use, without enterprise-grade encryption or security controls
  2. AI-based attacks: Bot-based attacks are getting better at mimicking user activity, more easily breaching the low-security defenses of many IoT devices
  3. Deepfakes in access controls: There are now ways to brute-force even the fingerprint biometrics on your phone
  4. More sophisticated attack methods: Attacks on IoT will become more advanced and harder to defend against as attackers begin to specialize in certain areas (reconnaissance, social engineering, graphic design)
  5. Hidden nation-state attacks: As poorly defended IoT devices yield successful attack returns, nation-states will increasingly hire cybergangs to leverage easy device infiltration and access bigger payloads

Considering there will be over 64 billion IoT devices in use by the end of 2025, it will be impossible to secure your organization and achieve a Zero Trust environment without securing all connected devices that make up your IoT.

Why Zero Trust for Devices is Important

Gartner predicts that by 2025, 99% of cloud security failures will be the customer’s fault. This means it falls squarely on the shoulders of the enterprise to protect the devices that connect to it.

To do this, organizations can establish an identity-based Zero Trust strategy. The National Institute of Standards and Technology (NIST) defines Zero Trust as “a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.”

In an identity-centric approach, human and machine identities are at the core of security policy creation, with access controls and policies based on assigned attributes. In this scenario, “the primary requirement to access corporate data and resources is based on the access privileges granted to the requesting user or machine.” So, Zero Trust is established based on cryptographic controls verifying the identity of the requesting machine.

Securing your devices is key to securing cloud access

“If a cybercriminal compromises a device and gains access to the [corporate cloud] environment, they can steal data, engage in a ransomware attack or carry out a malware campaign,” explains data and privacy expert Ambler Jackson. To prevent this, “organizations must have visibility into all connected devices and the ability to verify their identity before allowing access to cloud resources.”

As Venafi expert Ivan Wallis states that “in an on-demand environment, such as the cloud, Zero Trust bootstrapping systems require an identity right out of the gate. And in this type of machine-centric world, human nature doesn’t make sense as a checkpoint—we can no longer make gross assumptions on which external systems should be trusted.” Says Wallis, “In this sense, Zero Trust automatically assumes that a given activity is not allowed on a machine unless it falls within the acceptable security parameters for the user and function.”

For this reason, basing trust on secure digital identities (not general external systems) becomes key to establishing true Zero Trust in the cloud, and across your ecosystem.

Machine-IAM for your Devices

“To implement a Zero Trust strategy, organizations with mature cybersecurity programs use machine identity management. Verifying the identity of a device or a machine is the foundation of securing access to company resources, to include workloads that process data in the cloud,” states Jackson. In today’s threat economy, it is impossible to achieve zero trust without machine identity management.

Within each IoT device are thousands of machine identities or factors that establish the identity of the device and whether or not it can be trusted. As security expert David Bisson stated, “Machine identity management helps organizations gauge how much trust they can place in the identity of their machines,” which includes “credentials, such as secrets, cryptographic keys, X.509 and code signing certificates, and SSH keys.” According to Wallis, “Cryptographic keys and digital certificates are used to identify a machine and determine specific levels of trust. But this only works if you have a way of ensuring the integrity of those machine identities.”

A comprehensive machine identity management policy allows security teams to:

  • Achieve visibility of all deployed machine identities
  • Ensure ownership and governance
  • Protect associated cryptographic keys
  • Automate distribution and rotation of keys
Source: Brooke Crothers
Via: Security Boulevard
Tags: Why Businesses Can’t Afford Anything Less Than Zero Trust in IoT
ShareTweetShare
Plugin Install : Subscribe Push Notification need OneSignal plugin to be installed.

Search

No Result
View All Result

Recent News

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023
EU Cybersecurity Agency Warns Against Chinese APTs

EU Cybersecurity Agency Warns Against Chinese APTs

February 20, 2023

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

Co-Creation Hub’s edtech accelerator puts $15M towards African startups

February 20, 2023
Data Leak Hits Thousands of NHS Workers

Data Leak Hits Thousands of NHS Workers

February 20, 2023

Recent News

  • Co-Creation Hub’s edtech accelerator puts $15M towards African startups February 20, 2023
  • Data Leak Hits Thousands of NHS Workers February 20, 2023
  • EU Cybersecurity Agency Warns Against Chinese APTs February 20, 2023
  • How Your Storage System Will Still Be Viable in 5 Years’ Time? February 20, 2023
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021-2022 iTechNewsOnline.Com - Powered by BackUPDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Go to mobile version