As the number of connected devices continues to rise— with the International Data Corporation (IDC) forecasting over 55 billion by 2025—managed service providers (MSPs) are facing increasing challenges to deliver security at scale.
In October, SmarterMSP.com posted an article about the rapidly changing IoT environment and how MSPs can best adapt. This week, SmarterMSP.com presents some more voices from the IT world, offering insights into this increasingly important topic.
Asimily, an IoT security company, focuses on securing IoT devices. Its CEO, Shankar Somasundaram, shared his expertise on IoT security, saying that MSPs must take a fully comprehensive approach to securing these heterogeneous device fleets.
“Implementing zero-trust architecture is crucial—assume no device or network is inherently safe,” Somasundaram explains, adding artificial intelligence (AI) and machine learning capabilities can now deliver real-time threat detection and anomaly identification.
“This helps manage the increasingly vast data streams generated by IoT devices,” he adds, going on to say that regular firmware and software updates remain a critical defense against emerging vulnerabilities.
IoT security is critical for long-term success
Somasundaram also states that MSPs must develop comprehensive incident response plans tailored to IoT-specific scenarios. “For MSPs, client education also plays in important role in protecting these networks. Helping clients understand the importance of IoT security and the necessity of ongoing protective measures is essential for long-term success,” he shares.
Mike Nelson, Global VP of Digital Trust at DigiCert, offers a similar viewpoint, “asserting that securing IoT devices is more critical than ever.” He offers some insights on what MSPs can do to keep their clients safe in a 5G IoT world.
Segment your network
With a massive influx of IoT devices, segmenting networks is crucial, Nelson states.
“By isolating IoT devices from critical systems, you reduce the risk of widespread compromise,” he explains, adding, “In the case of medical IoT devices, these should be separated from administrative systems in healthcare organizations. Network segmentation limits the blast radius if one device is breached, containing threats before they spread.”
Implement zero-trust architecture
Nelson says that given the mobility and remote nature of many IoT devices, adopting a zero-trust model is key. “Assume that no device or user is inherently trusted, whether inside or outside the network,” Nelson states, advising the use of multi-factor authentication (MFA), identity verification, and encrypted communication for every access request. “This ensures that even if a device or account is compromised, attackers face additional barriers.”
Utilize strong PKI
Public key infrastructure (PKI) has long secured digital communications. Nelson explains that it is also highly effective for IoT environments. This is especially true for those utilizing cloud infrastructure. He explains, “PKI can help authenticate devices, encrypt data, and ensure the integrity of communications. Cloud-based PKI solutions can scale easily as IoT deployments grow, offering strong security without the complexity of managing certificates manually.”
Regularly update device firmware
Many IoT devices are vulnerable because they lack timely firmware updates. “MSPs should ensure automated firmware updates are enabled across devices,” advises Nelson. “This minimizes the attack surface by addressing known vulnerabilities.” He adds that MSPs must patch the devices or apply other security measures if an update cannot be deployed immediately. Alternatively, MSPs can mitigate risks through network isolation or additional security controls.
Monitor devices and establish threat detection
Continuous monitoring of IoT devices is essential for identifying unusual activity, Nelson shares. “Implement real-time threat detection tools that can alert security teams to potential intrusions or device failures,” he says, adding that with the increased attack surface of IoT networks, it’s crucial to have visibility across all connected devices and take immediate action if anomalous behavior is detected.
Plan for scalability
As IoT device networks grow, Nelson explains, challenges also increase. Therefore, he advises ensuring that security solutions are scalable. Automating certificate management with platforms like DigiCert IoT Trust Manager helps securely manage large fleets of IoT devices.
“These platforms simplify managing certificates during the entire device lifecycle, including during manufacturing and at the edge, security is a continuous process, and staying ahead of the curve will help organizations protect their valuable data and operations,” Nelson concludes.
By applying these strategies, MSPs can strengthen the security posture of their IoT networks. This will help them grow and adapt to the demands of a 5G world.
Photo: Roman Samborskyi / Shutterstock
