be-nz logo
Story image

Are we security-ready for Alexa in the office?

08 Feb 2019

Forescout has released commentary on the growth of the Internet of Things (IoT) devices in homes, such as Amazon Alexa or Google Home, and what that might mean when they make it into the office.

Despite knowing the security risks inherent in these voice-activated devices, people are embracing them because of the convenience and functionality they offer and this is emblematic of the rise in consumer IoT versus enterprise IoT applications, according to Forescout. 

“There are relatively few organisationally-specific IoT apps being deployed in most enterprises today,” says Forescout Asia Pacific and Japan systems engineering senior director Steve Hunter.

“One example we saw recently was led by workplace resources and placed a Raspberry Pi in every meeting room as part of an experiment to track temperature, humidity, noise levels and room utilisation, but it’s rare to see. 

“There are two broad categories of enterprise IoT devices we see commonly in use. The first are single-vendor complete solutions, such as a company’s IP Telephony system, which has been engineered with security in mind as part of the overall design. The other type is stitched together from multiple vendors, such as enterprise printing systems or IP video surveillance systems, which don’t have a ‘whole-of-system’ view of security engineered into them and are inherently more vulnerable than the first type” 

The next wave of IoT devices to enter the corporate environment In Australia and New Zealand are likely to be these next-generation consumer-facing devices that aren’t necessarily productivity tools but, rather, personal devices that people enjoy using. 

“Tools like Alexa and Home are incredibly useful and convenient. People are used to having them at home and they will want to bring the same level of convenience into the office with them,” Hunter adds.

This will create a second wave of consumerisation of IT in the workplace and IT departments must be prepared with a strategy for managing these devices. 

It’s essential to have policies around how these devices are connected to the network and segmented to avoid creating unnecessary vulnerabilities.

For example, if a number of workers have voice-activated devices like Home and Alexa connected to the corporate network, these could become targets for massive botnet attacks or other hacks that can compromise the user’s personal security as well as the organisation’s security. 

“The risk of IoT devices in the enterprise being absorbed into a botnet, practically speaking, has not been commonly seen in the wild, because companies have a long history of having strong perimeter controls in place,” says Hunter.

“But enterprise IoT devices are normally internally-focused as opposed to personal assistant-style devices that are outward looking towards the public internet. This makes it difficult to assess whether the traffic to and from these devices is malicious compared with internally-focused devices where communication with the public internet is a strong signal the device has been compromised. 

“Unlike the first iteration of the consumerisation of IT, where employees brought their smartphones and tablets to work and IT addressed the newly introduced security risks by deploying mobile device management software on these devices, this second iteration introduces devices where such software agents cannot be used to provide security. 

“The answer to this challenge is for organisations to deploy visibility tools that let them see definitively every device that’s connected to the corporate network, along with that device’s activity. Businesses can then segment the network and treat the devices according to their level of risk. 

“Without that visibility, businesses could find themselves more vulnerable than they were prepared for when allowing consumer IoT devices into the network. And, with the number of personal IoT devices connected to corporate networks continuing to rise, having a plan to address this visibility gap today is essential.” 

Story image
Hands-on review: JBL Tune 220TWS
Another great part of the design is the earbuds themselves. Most other earbuds on the market can’t be worn for more than two hours at a time because of the amount of pressure they put on ear canals. Thankfully, the JBL Tune 220 were designed with all-day wear in mind. More
Story image
Poly announces new Trio device and new personal speaker
The Trio C60 smart conferencing device and the Calisto 5300 personal speaker are bot Teams-enabled out of the box.More
Story image
Advertisers modelling GFC behaviour as Facebook ad costs tank and Google Ads rise 
"Marketers are looking to prove return on investment by spending on what is measurable and targeting customers who are already searching and already in the click and buy cycle."More
Story image
Time to take responsibility: E-waste - a global crisis
e-Waste is the world’s fastest-growing domestic waste stream, fueled by consumption rates of equipment, short life cycles, and few options for repair.More
Story image
Culture Amp announces new integrations with Microsoft Teams and Slack
These new integrations, which were prompted by the recent move of many to remote working setups, enables users to give and receive feedback without having to leave the primary application where they are completing their work.More
Story image
Why retailers need to accelerate ecommerce and real time data capabilities to remain relevant in the ‘new normal’
The retail companies that will be most successful are those that can most effectively harness the data generated to refine and adapt their data and analytics strategy quickly.More