The Privileged Account Security and the Internet of Things

By Milica D. Djekic

The Internet of Things (IoT) literarily flooded the marketplace and some statistics would suggest that so soon every single person in the world would deal with at least 10 such gadgets on average. In other words, we got so dependable to that product of the 4^th industrial revolution and in case of the IoT infrastructure collapse – we could suffer the serious consequences globally. Would this put the IoT in the critical assets amongst some countries? In our opinion, if the US Department of Homeland Security could include small businesses into the critical asset of the United States, a similar situation could happen with the IoT solutions. On the other hand, the small businesses are something that would impact over 50% of the nation’s economy and if anything occurs with that infrastructure the consequences could get tremendous. Also, if your IoT gadgets stop working due to the lack of the internet signal – you should get that could be so inconvenient in case you deal with smart fridges, garage doors or even heating systems. The industry 4.0 would bring us the huge dependability on the web signal and if there is no internet – there would be no operability to the majority of the IoT smart home, the office of industrial solutions. So, how this could get correlated with the privileged accounts and what are the privileged accounts and their security anyway? The privileged account is any well-controlled access to some critical infrastructure environment and such a system would rely on the well-developed procedures and policies that would recommend how to assure such access. Well, the main question here would be if we could use the privileged account approach in case of the IoT technologies. The answer to this question is quite simple and it would indicate if we assume that the IoT private and business solutions are from the strategic importance to some nation – we could say they need the privileged accounts, indeed. The purpose of this insight is to make a closer look to the endeavors of the 4^th technological revolution and suggest us how we could get more secure in such crazy surroundings.

What is the Privileged Account?

The privileged account is any access to the critical infrastructure that is well-maintained and controlled with the series of procedures, policies and login information. The hackers and some terrorist organizations would show the interest to make a breach to such an environment and in that manner; wound some nation or country. The privileged account users would often be trusted individuals, but there is still a huge risk from the insider threats trying to approach the critical assets. Some studies would show that it’s so hard to access someone’s privileged account if you do not count on someone being inside that organization and providing you the critical data. On the other hand, any critical infrastructure device could get vulnerable to cyber incidents and in that fashion; we could discuss a bit more the endpoint security challenges. In other words, it’s crucially important to carefully manage the sensitive information for a reason if you leave your login details and security procedures, as well as policies within some computing unit – the bad guys, could get in possession of that information and use them to access the privileged accounts. Also, it’s significant to mention that the privileged account is not necessarily the access to some could-based environment, but rather the approach to some computer, server or even datacenter. In other words, the privileged accounts could serve to protect some machine from being exposed to malicious activities.

The Internet of Things as a Critical Infrastructure

So many people on the planet would apply the IoT devices through their everyday’s lives and business activities and they would certainly get dependable on those solutions. For instance, there are so many IoT smart homes, buildings and even cities in the world and the functionality of those systems could get deeply correlated with the ability of those solutions to communicate using the web signal. The internet communications could get distinguished into three main spots and those are the source, transition and destination ones. It’s well-known that the critical assets would use the security operating centers in order to get safe or at least under the well-managed risk and the similar practice could get applied to the internet providers which would literarily feed the IoT solutions with their communications signal. For example, let’s discuss the IoT smart heating system for a while! The IoT smart heating system would mainly deal with the computing device getting some software with so and that application would use the internet connectivity in order to exchange the information with the gateway asset. Any heating system would get the thermostat as the gadget that would control the functioning of the boiler that would pump the water to the radiators. In addition, the IoT smart device with its application on would send the web signal to the router and the router would talk to the thermostat in order to make it obtains the desired temperature and the additional conditions in that place. If there is no internet connectivity – there would not be any operability to that system, so far. This could get so serious during the winter months because the hackers and even terrorists could disable your internet connection attacking your web provider and leaving you without the heating at, say, your Christmas Eve. This could get the challenge to so many IoT manufactures which would not take into account the security of their products and which would offer the quite unreliable solutions on the marketplace. In other words, we do not want to criticize anyone because the IoT is so fast growing landscape and so many small economies worldwide would see their chance to progress making and selling the IoT solutions. That’s the quite convenient way to make a profit on, but do not be that selfish to put on the risk so many people over the globe.

How to Secure Your Critical Asset?

The best practice would suggest that one of the ways to protect your critical asset is to use privileged accounts. Even if you cope with those accounts – you should always care about their safety and security. It’s quite clear that if we include the IoT into the critical infrastructure – you would need to think hard about some alternative options on how to make those solutions being so functional even without the internet connectivity. It would appear that in such a case we need to go a step back for a reason our web network is not that safe at all. Also, we would recommend to protect your internet providers and, in some manner, guarantee the security of your signal delivery. We live in the historically quite turbulent period for the entire humankind, so that’s why it matters to think about your and everyone’s security.

The Best Practice is applied to the IoT

The IoT technologies would undoubtedly need some kind of the best practices being applied to them. The first thought in that sense would be that we need better security to all. The insecurity of the IoT advancement could cause dramatic impacts to many people globally. We are fully aware that the industry 4.0 would bring the huge transformation of the existing technologies and in such a case we hope that the industry leaders would closely collaborate with the security community offering the opportunity to the technological consumers to get a peaceful nap while they use their emerging improvements. Maybe the privileged accounts and their security are something that could make us being more secure, but also there are plenty of technological options that should get put into consideration, so far.

The Future Comments

Resolving any engineering task could get the big challenge to any technical team and being so innovative and creating such a historical boom with the emerging technology is the big deal to the civilization’s progress and prosperity. Unfortunately, we live in the era of so many social and economic challenges and in so many cases the security of many people could get threatened. Above all, do not make the new technologies turn against you, but make them be your good friend that would always support you. It’s not that hard, you would agree?

About The Author

Milica D. Djekic is an Independent Researcher from Subotica, Republic of Serbia. She received her engineering background from the Faculty of Mechanical Engineering, University of Belgrade. She writes for some domestic and overseas presses and she is also the author of the book “The Internet of Things: Concept, Applications, and Security” being published in 2017 with the Lambert Academic Publishing. Milica is also a speaker with the BrightTALK expert’s channel and Cyber Security Summit Europe being held in 2016 as well as CyberCentral Summit 2019 being one of the most exclusive cyber defense events in Europe. She is the member of an ASIS International since 2017 and contributor to the Australian Cyber Security Magazine since 2018. Milica’s research efforts are recognized with the Computer Emergency Response Team for the European Union (CERT-EU). Her fields of interests are cyber defense, technology, and business. Milica is a person with a disability.