NIST NCCoE Helps Tackle the IoT Security Conundrum

By: Larry Lunetta, VP Portfolio Solutions Marketing at Aruba, a Hewlett Packard Enterprise company.

When organizations implement Zero Trust and SASE cybersecurity frameworks, the top priority is ensuring those connecting to the network are authenticated with appropriate access privileges. Users often represent the most fertile attack surface as they can go rogue or be phished, inadvertently sharing sensitive information with malicious actors that can cost a business dearly.

Meanwhile, organizations also must manage the flood of “things” entering the network, as in the Internet of Things (IoT). Sure, a wireless thermostat or smart speaker can’t be phished like a person, but each device represents another node that further expands the attack surface area, an area expanding at an exponential rate.

Thankfully, recent communications from the NIST National Cybersecurity Center of Excellence (NCCoE) have helped to address this issue. To summarize the findings, network and security teams face significant obstacles in securing IoT devices on the network. Dealing with IoT devices is just as complicated as managing users, if not more so, when teams are tasked with safely and securely onboarding those devices onto the network while also monitoring them for optimal performance and protection.

Network Layer Onboarding and Lifecycle Management

NIST highlights in its project description how IoT security is difficult for myriad reasons:

Manufacturers often provide a single set of log-on credentials for the millions of devices these organizations produce. Although sharing the same network credential for every device is often simple, this approach cannot identify each device, and it offers no method to verify that each device is connecting to the appropriate network.

In contrast, manually provisioning a unique network credential for each device drastically increases the complexity of the onboarding process, and such approaches are resource-intensive, error-prone, and insecure.

Going further, requiring manufacturers to assign a unique network credential to each device as part of the manufacturing process is impractical and inefficient while potentially raising the cost of production.

Lastly, even if each device includes unique credentials, IT often lacks visibility into these devices connecting to the network. Those blind spots lead to gaps in the overall security paradigm, no matter the effectiveness of Zero Trust and SASE frameworks from the user security side.

To help solve the problem, NIST NCCoE created a new project called “trusted network-layer onboarding and lifecycle management,” essentially a method to automate network-layer onboarding based on the following ground rules:

- Provides each device with unique network credentials
- Provides the device and the network an opportunity to mutually authenticate
- Is performed over an encrypted channel (to protect credential confidentiality)
- Does not provide anyone with access to the credentials
- Can be performed repeatedly throughout the device lifecycle

Effective, Efficient IoT Cybersecurity

By leveraging the NIST recommendations, IT teams can create a network that provides the connectivity, performance, scale, automation, and security that their respective businesses need. After all, IoT devices are not just for tracking building maintenance or occupancy; they provide critical data that informs business leaders about how to optimize their organizations to achieve business goals, whether that’s improving the physical health of their employees or finding new and better methods to operate. The data IoT devices create and compile may also help further automate processes and even support more efficient ways to manage IT infrastructure.

Watch this video to learn about how Aruba ESP can help organizations better manage IoT on the network as part of digital transformation initiatives: