On the PharmiWeb site, Wick Hill explains a growing area of security: M2M.
Over the last ten years, he writes, major changes have occurred in IT. With the Internet driving the pace, one of the most significant developments has been the rise of IP to become the dominant protocol. Another key element has been the decentralization of systems, with the perimeters of organizations rapidly disappearing. Anywhere, anytime, anyhow access is now becoming increasingly achievable.
During this shift, he argues, machine-to-machine connections are frequently overlooked as areas of concern.
M2M connections are endemic, he says, and can range from all the complex communications within a modern airplane, through to internal Microsoft
servers talking to each other. Manufacturing, pharmaceuticals and finance are heavily dependent on M2M communication: In the average organization, servers talk to other servers all the time without manual intervention.
Yet Wick argues that most of these internal appliances are not given the same level of security as outward facing systems. They typically rely on gateway systems for firewall and anti-virus protection. More than adequate in the past, unsecured IP connected devices are potentially vulnerable to a range of problems such as network viruses, trojans and hacking.
This puts a whole range of devices are at risk security cameras, VoIP servers and VoIP devices, digital telephone switches, wireless devices, video conferencing systems, data center monitoring equipment, internal security cameras, webcams, POS devices and ATM devices, even routers and switches the list is endless.
Wick points to a company where production was lost for days when robots on an IP network became infected. A pharmaceutical company had to take its systems down for two weeks, to recalibrate them to comply with Food and Drugs Administration regulations, after needing to install urgent patches. Another organization had company data compromised and lost because an internal server was hacked. The cost, of course, can be imagined.
With gateway security being king, Wick says, these devices have been hidden inside the network, and with all the major infrastructure changes taking place over recent years,
securing internal devices has mostly been a low priority. Plus fixing everything is costly, so the risk/return equation didn't make any sense. Management issues have been another factor. Adding tens or hundreds of additional security devices to the IT department's management load would have been an expensive nonsense.
Wick concludes that there are now products to tackle these M2M challenges: Low-cost, easily-deployed miniature firewall/anti virus products are now available and can be installed on a server or in front of a device in minutes. They can protect key IP devices for a few hundred dollars, as well as being capable of delivering the level of reporting needed for compliance with various regulations.