Businesses are using multiple emerging technologies including mobile devices, cloud and edge computing, and the Internet of Things (IoT)

Caption: Shutterstock

APAC enterprises face down the growing cloud IoT threat

Smart devices are entering a new era of interoperable connectivity, as consumers purchase and make use of multiple emerging technologies including mobile devices, cloud and edge computing, and the Internet of Things (IoT), to name just a handful.

Devices like smart thermostats and TVs are gaining in prominence, as users become accustomed to spending more time indoors, and even working from home or remote locations in droves. And they’re not just limited to the home, as workers now bring their personal devices to the workplace and connect them to previously internally networked systems.

Moreover, IoT innovations and cloud migrations are fast becoming the skeletal frameworks for enterprises undergoing rapid digital transformation drives. For large organizations, the dual technologies of cloud and IoT foster efficiencies in automation, monitoring, and even controlling various connected devices in smart buildings.

According to The Connected Enterprise: IoT Security Report 2021 published by Palo Alto Networks, 78% of IT decision-makers whose company had IoT devices connected either directly on-premises or via the cloud, reported an increase in non-business IoT devices connecting to corporate networks by employees last year. And as the BlackBerry 2022 Threat Report outlines, less than a third (32%) of UK home workers said that security was a pressing factor in determining their smart device purchase decisions.

Most businesses are, at present, still not putting into place cybersecurity policies that extend to smart devices or personal devices, further raising the threat risk for both businesses and their workers. The issues are exacerbated by the Asia Pacific (APAC) region’s investment in IoT anticipated reaching US$437 billion by 2025, buoyed by rising adoption of cloud, 5G, biometric gear like fingerprint scanning, and video-heavy applications like connected surveillance systems and visual collaboration tools, as per IDC.

Ironically for devices that are often leveraged for remote monitoring of faults and maintenance schedules, threat visibility for IoT devices across cloud platforms is often constrained to manually updated databases of known devices, which means businesses face an uphill battle to secure unknown or personal devices. A lot of IoT equipment also faces identity access limitations in the cloud and hardware constraints for configuring safety controls.

But as APAC organizations become increasingly reliant on these devices to maintain business continuity, they must keep an eye on the evolving regulatory and compliance landscape in their region of operation, specifically on policies governing the role and usage of data and interoperable systems. At the same time, companies often harness multiple cloud services (and cloud service providers) these days, so ensuring that cloud solutions along with IoT security and regulatory best practices are aligned will be of paramount importance going forward.

IT and security leaders in the organization need to be aware of the present threat surface, as well as proactively apply up-to-date security measures so that the operational functions and identities of networked devices are all visible.

Best practices now dictate that organizations should take a zero-trust strategy to minimize data exposure that negatively impacts business continuity. For IoT and cloud environment security, zero-trust employs full visibility over all devices, with real-time monitoring solutions watching over both equipment and risky threat surfaces, and enforce proactive policies that eliminate security blind spots and prevent cyberattacks before they happen, rather than damage control or pay hefty ransoms after the intrusion.

Staying another step ahead, businesses can deploy machine learning (ML) capabilities that can intelligently automate device identities, detect malicious activities or changes in device behavior, and automatically take action to prevent future attacks based on analysis of system data operational processes. With an ever-advancing cyberthreat landscape, ML technologies can help IT and security teams stay vigilant with minimal downtimes and disruptions.