Network access policies must be updated for IoT

As the Internet of Things pushes deeper into the mainstream, organisations must update their network access policies to address the threat of attacks on IoT devices, Gartner has warned.

The analyst firm predicts that there will be 21 billion IoT devices in use by 2020 — more than three times the number of users with laptops, tablets or smartphones. More than a third of these are expected to be for enterprise use, and close to 6% of IoT devices will be for industrial IoT applications.

But Gartner Research VP Tim Zimmerman said IT organisations currently have issues identifying these devices and addressing them with network access policies.

“Having embraced a bring-your-own-device strategy, organisations must now get employee devices on the enterprise network and start addressing the 21 billion IoT devices that we project will want access to the enterprise network,” he said.

“Whether a video surveillance camera for a parking lot, a motion detector in a conference room or the HVAC for the entire building, the ability to identify, secure and isolate all IoT devices — and in particular ‘headless’ devices — is more difficult to manage and secure.”

Zimmerman said it is important for IT organisations to work with facilities management and business units to identify all devices connected to enterprise infrastructure and set policies to determine if and how these devices will be connected.

To monitor access and priority of IoT devices, organisations may need to consider new practices, such as conducting packet sniffing to identify devices that may have a detrimental impact on the network.

Creating vertical segments can meanwhile allow network architects to separate all IoT assets from other network traffic, Gartner said. As the concept evolves, it could be developed to allow the prioritisation of traffic for each vertical segment — such as a category of devices — based on requirements.

Image courtesy of Olabi Makerspace under CC