News Stay informed about the latest enterprise technology news and product updates.

IoT security tips from an IoT startup

The benefits of IoT are just as well known as the risks that come with it. And, as happens with most new tech trends, CIOs are wary of jumping in at first, Tom Pincince, CEO of Digital Lumens, an intelligent LED lighting startup in Boston, said.

But Pincince hopes CIOs won’t be too wary because although there are risks, “the business benefit is so great that I think the balance between making [IoT] secure and making [IoT] useful [can] easily be reached,” he said.

Lean forward into IoT

Pincince advised CIOs to “lean forward into IoT” and think about how they would use data the IoT will inevitably bring to improve business operations.

As an IoT startup, Digital Lumens, Pincince, and the team, have already begun to discover what connected objects can do for businesses.

“One of the big things that we’ve been able to include in our product is this facility occupancy map,” said, Yolonda Smith, application engineer at Digital Lumens and formerly part of the United States Air Force with a background in cyber security and cyber defense. The occupancy map takes data collected by the LED light fixture sensors in a room or warehouse or manufacturing floor, for example, and maps out where the most activity is happening. “I actually showed that map to a facility manager and a general manager at a certain point and you just saw his eyes go to saucers because all of a sudden he recognized that he can make other decisions based upon the information I just gave him,” she said.

This particular facility manager oversaw a large warehouse with over 1500 of Digital Lumens’ LED lights installed and collecting data, Smith said. The occupancy map made it possible for him to see where within the warehouse his employees were walking to the most. With this information, the facility manager could then rearrange the inventory in the warehouse so that his employees could pull product off the shelves and get them to the trucks quicker and more efficiently.

“That way he could get the competitive advantage,” Smith said. “It was actually really cool that they were able to take it from a light sensor to actually having inventory management.”

But how can CIOs take advantage of all that IoT has to offer while remaining secure?

Here are five IoT security tips from an IoT startup:

1. Be open to discussing IoT within your organization

Like BYOD, IoT is entering the workplace without the CIO even knowing it, Pincince said. And the reason employees are not talking to the CIO about their use of IoT is because “they think the only thing that will happen is that [the CIO] will say no,” Pincince said. CIOs need to embrace IoT and open up the conversation about security best practices with their employees. Pincince said the CIO needs to come forward and say, “I want to engage, let’s make sure that’s all safe, that all the security information and security policies are in place” and figure out how to be partners with employees using IoT devices.

2. Assess the level of necessity

For CIOs in companies creating connected devices that will be part of the IoT, Smith advises that they make sure the data being collected is absolutely necessary to the overall system.

“Every single piece of data that [Digital Lumens] collects is patently necessary to the function of the system and it’s used to, of course, help facility managers and help business leaders and CIOs make other decisions about their infrastructure and about their company and about how they want to move forward,” Smith said.

3. Principle of least privilege

This is the idea that certain people within an organization either using IoT devices or creating IoT devices don’t need access to certain applications or systems or controls in order to do their job, Smith said. Smith uses a toaster as an example: “We don’t need the toaster to have the ability to turn on or to change or to have access to our credit information.” The same goes for a company’s employees; only certain employees should have access to certain information, controls and systems because that access is necessary for them to do their job.

4. Utilize systems

“Utilize services that will allow you to patch, update security policies, update security controls and patch vulnerabilities in addition to updating firmware,” Smith said. She said that one aspect of Digital Lumens’ system that is very helpful when it comes to security is that it allows the team to very quickly update the software and hardware.

5. Use as few services as possible

Digital Lumens, for example, only uses services that are absolutely necessary to make the system work, Smith said. “In our case we only use a service that allows us to provide the most support and we also use a service that allows customers to very quickly interact with the system in a familiar interface — mainly a webpage,” she said. Other than that, everything else is turned off. “Turn off all the services that you don’t need, only use those things that you absolutely need to get your job done,” she said.

Let us know what you think about the story; e-mail Kristen Lee, features writer, or find her on Twitter @Kristen_Lee_34.