Caught on Camera: Rethinking IoT Security
We all know that we're on camera pretty much constantly -- most coffee shops, convenience stores, and even offices employ security cameras for protection. But what happens when those devices built to keep us safe become unsafe?
Hacks are becoming more frequent and are targeting personal, private data through an expanding range of channels.
A recent widespread breach involving data from 150,000 security cameras has renewed industry discussions around the safety of IoT devices. This has been top of mind at Akamai for years, which is why we protect our cameras, IoT devices, and physical office infrastructure from unauthorized access through network segmentation and our own Enterprise Application Access (EAA) solution.
Akamai reinforced our IoT security in 2019 with a Security-Only Network.
In 2019, Akamai developed our Security-Only Network (SoN) in response to the large Mirai attack that involved compromised camera devices. Our SoN hosts our IoT devices and operates on several key security principles:
No general internet access - Connecting devices like security cameras directly to the internet is an unsafe practice. The SoN is isolated from our primary network.
Simplicity - The more complex you make something, the more difficult it is to ensure that it is secure.
The SoN was originally designed to allow access only from specific locations, but based on the growing need for employees to be more mobile, we now provide limited access to the network for permitted groups using our own EAA product. EAA has the Zero Trust philosophy of "never trust, always verify" baked in, so it provides secure, remote access to our IoT devices without any risk of broader access from malicious parties.
The Security-Only Network keeps our employee and company data safe, in partnership with our EAA product.
We protect our IoT devices using network segmentation practices, while taking full advantage of EAA to access each IoT device's management interface. EAA provides a connector to the application server; the connector then dials out to the EAA service on a common port that is open on most companies' firewalls. With no additional hardware or software required, this process cleanly aligns with our SoN principle of simplicity.
All companies and CIOs should be focusing on IoT security -- and EAA can help.
Traditional perimeters or VPNs that provide full network access can be exploited to access IoT device data. And since most IoT devices are patched less frequently, the risk is higher. To avoid breaches that can compromise sensitive information, customers should protect these devices using EAA as a trusted intermediary, verifying at every step to keep access limited to those who truly need it.