Surfing the Internet of Things

Written by BT on 4 September 2018 in Sponsored Article
Sponsored Article

BT argues that the Internet of Things (IoT), where homes, cars, people, even entire cities are connected to the internet, will let you do things you once dismissed as science fiction

Baby, you can drive my car

You don’t have to look too far to see that the IoT has already arrived in the financial services industry.

Young drivers, for instance, can install a black box in their car that captures data about their driving performance and sends it to the insurance company whenever they’re driving. Activated by a smartphone app, the sensor only records the novice driver’s data, and the driver is only insured while they’re driving the car, making driving your parent’s car more affordable.

Behind the attention-grabbing headlines lie cost savings, new insights for innovation and continuous improvement, novel revenue streams, and disruptive business models.

It’s exciting stuff, for sure.

Nail down the security basics

But hold on, you say: if everything connects to the internet, doesn’t that make everything a potential security risk, putting a massive strain on my IT defences? How do I manage such large volumes of data?

IoT security is often the last thing that people think about. But it’s a vital component – the IoT attack surface is vast, magnified by the volume and complexity of the devices, the ‘Things’. It’s possible that nobody is actually monitoring some of these. They’re just being left to their own devices, as it were.

But you don’t need a sophisticated security set-up to prevent potential attackers using the IoT to hack into your business. Here are three basic areas to help you protect your data, devices and connections:

The device itself: Every network-connected device must be accessible by supplier so they can update the software and firmware. Ideally, the updating process will be automated but subject to cryptographic checks and the device should only accept connections and commands from authorised systems. Make sure you have the device support materials – manuals and helpdesk details, for example, and exclude any extra services on the device that you don’t actually need. And make sure you only use devices you can reset to the original factory settings. Finally set up tools to enable early detection and identification of threats to infrastructure and devices.

Identification: Use key management to generate and manage keys for device provisioning and identity. Consider the use of cryptographic signatures on the firmware to determine its authenticity. Disable default passwords and replace with your own, unique and secure versions. And don’t forget to stick a label on each device so you can easily identify it.

Data: Use edge gateways with extra security and digital certificates to exchange data with devices and networks. Make sure you secure cloud infrastructure and communications to and from IoT endpoints, and applications. Use enterprise level data encryption for IoT data in motion and at rest. Protect any personal data including access and consent. And lastly review information security and privacy policies allowing controlled sharing of data with third parties.

Once you’ve got to grips with this basic security housekeeping you can then focus on preventing more sophisticated attacks. Yes, the IoT will increase the workload of your IT team. But the rewards will be substantial – opportunities for more business, new business, and new revenue streams.

Start today by downloading our white paper, Securing a digital financial services enterprise.

See how our knowledge and network can help you make smarter decisions about your digital future.

Download BT's latest report Dispelling the myth: future networks

Andy Rowland is BT's Head of Customer Innovation: Energy, Resources and Manufacturing

Share this page

Tags

Related Articles

Met Police gang database in ‘serious’ breach of data-protection laws, ICO finds
16 November 2018

After being hit with enforcement notice, the London force is working with the regulator to improve its practices

Government to build £1m digital tool to help crack down on prison gangs
16 November 2018

‘Digital categorisation service’ that will identify high-threat prisoners is a ministerial priority

Current police ICT systems are in desperate need of change
15 November 2018

John Kellet of public sector digital specialist Eduserv looks at what at the results of the annual Police ICT Survey tell us about the force’s tech set-up

 

NHS Digital backs transformation of adult social care with £800,000 investment
14 November 2018

Organisation awards deal to support the development of a service to help independent care providers embrace digitisation

Related Sponsored Articles

Make security integral to your business
5 November 2018

BT knows that digital security isn't just about technology. It's about the partnerships, intelligence and expertise you need to stay one step ahead in the security race.

The Driving Forces Behind the Modern Workplace Revolution
24 October 2018

 How can you ensure you get the best from your workplace transformation? Bear in mind these two key drivers, and you'll see the benefits of new technologies

GDPR already isn’t working
15 October 2018

The policies may be in place, but is it happening in practice? BT's Bas de Graaf looks at the reality of GDPR today