Unified endpoint management: A new road to IoT security, development

Though still in its infancy, the Internet of Things (IoT) already has a looming problem. While the consumer form of IoT (smart-home tech) gets most of the press, IoT devices are increasingly used for industrial, medical, scientific, and other commercial purposes. This will result in an expanding collection of tools from varied vendors to manage the edge-computing capabilities that some of these devices possess, and that complicate IoT management.

For example, a manufacturing plant might initially use sensors to track temperature, humidity, air pressure, or machine health on the plant floor, all of which could be helpful for tracking product performance back to specific manufacturing conditions. These sensors may not need much, if any, software management.

But when the product itself begins to incorporate edge-computing capabilities, such as embedded Android for automobiles, questions arise regarding how to manage those capabilities. This is where software will play a larger role—software that will need to be updated to add capabilities and eliminate vulnerabilities.

Embracing the Digital Workplace with Unified Endpoint Management (UEM)

Use software to reduce costs and risks

Consider all of the out-of-date healthcare devices that were compromised by the WannaCry ransomware attack. As IoT devices continue to mature and opportunities to leverage them for business advancement increase, organizations will need to carefully outline their approach. Changes in usage or ownership may require equivalent changes in where data is transmitted or how it is encrypted.

Peer relationships will need to be redefined from time to time, especially as additional devices enter the environment. Troubleshooting may require remote access. And eventually, devices will need a proper end of life.

To prepare for these challenges, DevOps and security practitioners alike need to consider ways of reducing the costs and risks of IoT endpoint management.

Unified endpoint management: On the scene

The scale at which IoT will operate places IT operations management practitioners at the center of identifying ways to reduce costs and manage risks of the various endpoints. That's where unified endpoint management (UEM) comes into play.

Gartner describes UEM as an expansion of enterprise mobility management (EMM), which is already in use today to centralize management of user devices that run on different operating systems. Because of divergence, UEM will not be able to manage every kind of IoT device. But those devices that run various versions of iOS, Android, Linux, or Windows are prime candidates for centralized management.

Hotel minibars, contactless payment systems in public transit systems, iPads used for explaining patient treatment options, and airline entertainment systems are just a few examples of systems that are highly distributed, run modern operating systems, and already benefit from centralized management.

IoT endpoint management activities

Not all IoT devices are created equal. Some are simple sensors that cannot receive software or firmware updates, and these will have to be replaced as updates are needed. But the more advanced IoT endpoints are modern mobile devices that are capable of running apps that themselves need management.

The following are some of the management activities that these more advanced IoT endpoints require:

Security-related

  • Vulnerability and patch management: Given that these devices currently use widespread commercial operating systems, security vulnerabilities will emerge that will need to be addressed. This requires knowing what versions of software the devices use, comparing the OS breakdown to known vulnerabilities, and pushing out updates or patches to the devices in accordance with policy.
  • Identity and access management: Managing who has privileges to access a device and the data that it produces, along with privileged access management, is critical to securing any sensitive information that the device may contain. Access to personally identifiable information, healthcare records, or financial information such as credit card numbers must be controlled. Authentication, including two-factor policies, needs to be enforced. And all of this must be flexible enough to allow changes as device location, ownership, or usage evolves.
  • Encryption: Policies that require the encryption of data at rest or in motion must be enforced. Changes to encryption methods or where to transmit data must be supported by the endpoint management system.
  • Security information and event management (SIEM): Unusual patterns of data downloads by IoT devices, access from an unusual location, or the unexpected installation of software should be collected using a SIEM system and analyzed using artificial intelligence (AI). Any alerts should be sent to the security team. Also, consider requiring the locking or wiping of the device in accordance with policy.
  • Compliance enforcement: If an application running on an IoT edge device gathers data that's deemed sensitive according to your policy, then the device should be automatically quarantined by the device management server to meet compliance regulations. With the kinds of penalties that the European Union's General Data Protection Regulation (GDPR) introduces, compliance is no small matter.

DevOps-related

  • Release management: Updates to apps that run at the edge must be deployed in a controlled manner that accounts for policy and reduces workload. The sheer number of devices demands an automated approach, but typical DevOps tools, such as Jenkins, can't handle the automation alone. Imagine a medical device being suddenly taken down for an update while it's in use during surgery. Local policy must have a controlling interest in deployments, including the time, current usage, network used to update it, and current location of the device.
  • Anomaly detection and troubleshooting: IoT devices that possess edge-computing capabilities are likely to need troubleshooting, and they must be able to perform troubleshooting activities themselves. For example, if a robot in an automobile factory that manufactures a part detects an anomaly, then the device management server should be notified, and the robot shut down until it can be repaired or have its software updated. The device management server should also notify technicians and provide troubleshooting information collected from the IoT device. That will speed the repair.
  • Asset and lifecycle management: Tracking the ownership of devices at the scale of IoT also demands automation. These devices most likely will change ownership over the course of the lifecycle, and information about location, configuration, and software licensing needs to be maintained.
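
The patch-management and release-management items above combine into one decision per device: is it below the patched version, and does local policy allow an update right now? The sketch below is an added example, not code from this article or from any UEM product; the record fields, version baselines, site names, and policies are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Device:            # one inventory record; field names are assumptions
    device_id: str
    os: str
    os_version: tuple    # e.g. (11, 0, 3)
    site: str            # current location of the device
    network: str         # "wired", "wifi" or "cellular"
    in_use: bool

# Constructed values: lowest OS version treated as patched, per platform.
MIN_PATCHED = {"android": (12, 1, 0), "linux": (5, 15, 0)}
# Constructed local policies; the plant-floor window crosses midnight.
POLICIES = {
    "surgery": {"window": (time(1, 0), time(4, 0)), "networks": {"wired"}},
    "plant-floor": {"window": (time(22, 0), time(5, 0)), "networks": {"wired", "wifi"}},
}

def in_window(now, start, end):
    """True if now is in [start, end), including windows that span midnight."""
    return start <= now < end if start <= end else (now >= start or now < end)

def plan_update(device, now):
    """Return (action, reason) for one device at local time `now`."""
    minimum = MIN_PATCHED.get(device.os)
    if minimum is None:
        return ("review", "no patch baseline for this OS")
    if device.os_version >= minimum:
        return ("none", "already at or above patched version")
    policy = POLICIES.get(device.site)
    if policy is None:
        return ("defer", "no local policy for site")  # fail closed
    if device.in_use:
        return ("defer", "device in use")
    if not in_window(now, *policy["window"]):
        return ("defer", "outside maintenance window")
    if device.network not in policy["networks"]:
        return ("defer", "network not allowed for updates")
    return ("deploy", "all local policy checks passed")

# Constructed sample inventory.
FLEET = [
    Device("infusion-07", "android", (11, 0, 3), "surgery", "wired", True),
    Device("robot-12", "linux", (5, 10, 0), "plant-floor", "wifi", False),
    Device("kiosk-03", "android", (12, 1, 0), "lobby", "cellular", False),
]
```

Every deferral carries a reason, so a device that stays unpatched because it is never idle inside its window shows up as a repeated "defer" that can be escalated rather than silently skipped.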

IoT endpoint management: Consider this

UEM will not replace dedicated IoT management or middleware platforms. But for teams that already manage smartphones and tablets, UEM can lower operational costs—in both day-to-day support and training costs—and help businesses more quickly exploit the advantages of the IoT. As UEM evolves, integration with open-source agents, data acquisition, and big data processing should improve capabilities for UEM to provide the management of a greater set of IoT devices.

The IoT changes everything, from how we build and deliver products to how we grow crops and treat diseases. It redefines the intersection of society, privacy, and technology. Smart cities, self-driving cars, enhanced reality, and global politics—everything is affected by the IoT in ways that are hard to predict. For those organizations that can harness the IoT in transforming their business, the opportunities are immense. But so are the challenges.
