<p>IoT is meant to drive operational efficiency and improve decision-making, largely by automating processes and reducing overall costs. But with these benefits come escalating cybersecurity <a href=”https://www.techtarget.com/iotagenda/tip/5-IoT-security-threats-to-prioritize”>threats that target IoT devices</a>, which are notoriously vulnerable compared to traditional IT infrastructure.</p>
<p>Several security frameworks address IoT, including the <a target=”_blank” href=”https://www.techtarget.com/searchsecurity/definition/NIST-Cybersecurity-Framework” rel=”noopener”>NIST Cybersecurity Framework</a> and <a target=”_blank” href=”https://www.isa.org/standards-and-publications/isa-standards/isa-iec-62443-series-of-standards” rel=”noopener”>IEC 62443</a> for industrial systems. That said, one approach — <a href=”https://www.techtarget.com/searchsecurity/tip/Perimeter-to-posture-A-roadmap-to-zero-trust-maturity”>zero trust</a> — has bubbled to the top as the most practical way to secure IoT. Zero trust’s emphasis on continuous verification, continuous validation, microsegmentation and network-based behavioral analytics helps enterprises address visibility and enforcement gaps common when working with low-cost IoT devices.</p>
<section class=”section main-article-chapter” data-menu-title=”Common IoT security challenges”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Common IoT security challenges</h2>
<p>The rapid expansion of IoT devices and other connected components has dramatically increased the attack surface for enterprise organizations. IoT systems often offer poor visibility, have limited built-in security capabilities and lack support for endpoint protection software, hobbling IT security teams. As a result, unpatched devices with weak credentials are common.</p>
<p>Their inherent security flaws make IoT devices ripe targets for malicious hackers, who exploit them to scan the network and compromise other systems, creating a serious risk to mission-critical components and data. <a href=”https://www.techtarget.com/searchsecurity/tip/How-to-manage-third-party-risk-in-the-supply-chain”>Supply-chain risks</a> only compound the issue. Pre-compromised IoT devices can introduce massive threats at scale, leading to botnets and persistent backdoors that make threat remediation incredibly difficult.</p>
<blockquote class=”main-article-pullquote”>
<div class=”main-article-pullquote-inner”>
<figure>
Their inherent security flaws make IoT devices ripe targets for malicious hackers, who exploit them to scan the network and compromise other systems.
</figure>
<i class=”icon” data-icon=”z”></i>
</div>
</blockquote>
<p>Enterprises that don’t properly address these vulnerabilities face the constant risk of ransomware attacks, operational disruptions, and compliance and regulatory issues. The financial and reputational consequences could be catastrophic.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”How zero trust addresses IoT security”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>How zero trust addresses IoT security</h2>
<p>Zero trust principles use a “never trust, always verify” philosophy, eliminating the implicit trust often found in organizations that traditionally rely on perimeter-based security. Zero trust shifts enforcement to the network, focusing on device verification and continuous validation of every request<a href=”https://www.techtarget.com/searchsecurity/definition/principle-of-least-privilege-POLP”>. Least-privilege policies</a> — i.e., <a href=”https://www.techtarget.com/searchnetworking/definition/microsegmentation”>microsegmentation</a> — also sharply restrict device communications. That means a compromised IoT device cannot scan and infect other devices on the network, reducing the risk that a threat actor will disrupt operations or steal data from mission-critical systems.</p>
<p>Zero trust also solves the scalability issue of IoT security. Policies are applied, enforced and continuously validated at the network level rather than on the devices themselves. This method lets organizations centralize management and automate enforcement across thousands of endpoints regardless of device type, OS or firmware limitations.</p>
</section>
<section class=”section main-article-chapter” data-menu-title=”Challenges of applying zero trust to IoT”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Challenges of applying zero trust to IoT</h2>
<p>While zero trust offers clear advantages over other methodologies, implementing it in IoT environments poses certain challenges. IoT
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: