Connected products like Nest, Dropcam and smart TVs are showing up on secure corporate networks. What’s IT to do?
by Stacey Higginbotham
There’s likely a smart TV, a Dropcam, a connected cloud storage drive (or some other connected device) on your corporate network, and your IT department doesn’t even know it. According to research from OpenDNS’s Director of Research Andrew Hay, many of the world’s most heavily regulated or secretive industries, such as health care or energy, have devices on their networks that call out to unsecured servers or exhibit other behavior that should worry security professionals.
To be clear, his research, which was released this week, didn’t uncover a hack. The report detailed patterns of behavior about enterprise adoption of consumer connected devices and a lack of documentation from the makers of those devices that could be exploited in the future. So whether it is a Samsung Smart TV pinging servers in South Korea every five minutes or a lack of understanding and documentation about how a Nest thermostat or Dropcam connects, the report identified several trends worth discussing in corporate networking circles.
OpenDNS provides domain name resolution and security services to companies. It gathered data for this survey from clients and partners based on where devices in their networks were calling out to other servers. From this, the company could observe what devices were on the network and what servers and clouds those devices were pinging. (As a side note, the data confirm that many Internet of things companies are hosting their services on Amazon’s cloud, followed by IBM’s SoftLayer.)
There were deeper insights in the report as well, including this warning: Connected devices look just like normal devices on the outside but they don’t behave like them on the inside. For example, a “smart” TV looks a lot like a “dumb” TV but regularly calls back to a server someplace and thus can be a digital security risk. Until smart devices look smarter, or we adapt to assume that computing and connectivity are all around us, communication among purchasing departments and information technology teams will be essential.
Another issue: Employees brought devices like Dropcam and Nest into organizations knowing they were connected but seemingly not caring about the potential risks. Hay, who says Nest has a huge potential opportunity in the enterprise based on the devices he’s already seen connected, is pushing for consumer gadget manufacturers to beef up their documentation and security so their products can be easily deployed in the enterprise.
At the very least, it’s clear from reading the report that the old perimeter-based perspective on security should be eliminated. IT departments can’t police every device coming into their companies and should instead focus on understanding what’s on the network and how it behaves, and on approaching security as a dynamic problem that will require flexibility and proactive responses to a daily onslaught of problems.
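One way to start understanding what is on the network and how it behaves is to look in resolver logs for clients whose DNS lookups recur on a fixed timer, like the smart TV calling out every five minutes. The following is an added example, not code from the report or from OpenDNS; the log format (timestamp, client IP, queried name), the `.example` hostnames, the addresses and the thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def parse(line):
    """Split one 'ISO-timestamp client qname' line (assumed log format)."""
    ts, client, qname = line.split()
    return datetime.fromisoformat(ts), client, qname.rstrip(".").lower()

def find_beacons(lines, min_queries=6, max_jitter=0.1):
    """Return {(client, qname): mean interval in seconds} for pairs whose
    lookups recur at a near-constant interval (timer-driven callouts)."""
    seen = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, client, qname = parse(line)
        seen[(client, qname)].append(ts)
    beacons = {}
    for key, stamps in seen.items():
        if len(stamps) < min_queries:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means evenly spaced queries.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = round(avg)
    return beacons

def sample_log():
    """Constructed log: a TV on a 5-minute timer, a laptop browsing irregularly."""
    t0 = datetime(2015, 6, 1, 9, 0, 0)  # arbitrary constructed start time
    lines = []
    for i in range(12):  # every 300 s, with 0-2 s of jitter
        ts = t0 + timedelta(seconds=300 * i + i % 3)
        lines.append(f"{ts.isoformat()} 10.0.5.23 telemetry.tv-vendor.example.")
    for off in (5, 47, 610, 615, 1900, 2500, 3400):  # human-driven lookups
        ts = t0 + timedelta(seconds=off)
        lines.append(f"{ts.isoformat()} 10.0.7.40 intranet.corp.example.")
    return lines

if __name__ == "__main__":
    for (client, qname), interval in find_beacons(sample_log()).items():
        print(f"{client} -> {qname} every ~{interval}s")
```

Regular intervals only mark a client as timer-driven, not as malicious; the output is a starting list of devices to identify and document.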