Irvine: Proactive segmentation of consumer-based devices from the enterprise network is the primary means. You do that through the implementation of MDM solutions, or MAM, mobile application management, solutions that allow you to create individual partitions on the user's device so that you can segment your applications and data and network access, to allow only authorized segments of the consumer mobile solution. Development of VPN configurations, tightening down, and rather than concentrating on perimeter security, concentrate on application security. A more application-centric approach, application firewalls, application scanning.
CIO: Does it fall on CIOs and IT to educate users about the risk of these new IoT and connected home devices?
Irvine: Yes. The number one proactive means of securing any type of environment is through user training and education. Not only what to what to do, but why to do it, so they understand the risk.
CIO: A lot of these things, again, really apply to mobile device security in general. They're not necessarily specific to IoT. It doesn't sound like a company that is already security conscious really needs to do anything different to address IoT.
Irvine: That's correct. The problem is the threat footprint just continues to grow. I can no longer concentration on the users' individual cell phones. I have to concentrate on phones, tablets, PCs, their Wi-Fi network at home, their firewall at home, on their consumer-grade controllers, these "Internetable" devices.
In truth, what we should be doing implementing the least privilege type of security, where nobody has any rights unless I specifically give it to them. In today's new BYOD environment, it's really set up so that everybody has all rights until I say no. We have to get to the limitation of the only people who have access are the people I give it to. A concentration on the least amount of privileges.
CIO: It used to be more like that, before smartphones really hit the enterprise, before BYOD. Do you think the current trend will reverse itself?
Irvine: I absolutely think it will.