Embarking on an internet of things deployment might seem like a risky proposition these days. To help customers mitigate the dangers of IoT-enabling their businesses, Microsoft on Oct. 26 launched its Security Program for Azure IoT.
Enterprises across the globe are flocking to Azure IoT, Microsoft's suite of cloud-based internet of things services, according to Sam George, partner director of program management at Microsoft Azure IoT. The fast-growing platform is "pivotal in helping customers in their digital transformation," he told eWEEK. "Customers are already adopting [Azure IoT] with very, very positive results."
With that growing demand comes some strong concerns about data security, George added. Given some of the most recent, high-profile incidents involving IoT devices, those worries are warranted.
Hackers have begun to weaponize the IoT. Last month, security researcher Brian Krebs' blog, Krebs on Security, was besieged by a distributed denial-of-service (DDoS) attack that delivered junk traffic at a rate of more than 600 gigabits per second. Attackers used more than a million internet-connected cameras, set-top boxes and DVRs to overwhelm the site.
On Oct. 21, attackers used a similar tactic to target DynDNS, a Domain Name System (DNS) services provider, and snarl internet traffic. "IoT devices are the very cheap computers that we use to control the heat, lights and baby monitor in your home or tell UPS when a truck needs service—some cost less than $1," Chris Sullivan, general manager of intelligence and analytics at Core Security, told eWEEK.
"Unlike your PC or your phone, IoT devices don't have the memory and processing to be secured properly, so they are easily compromised by adversaries, and it's very difficult to detect when that happens. This is what's driving the new ultra-high-volume DDoS attacks," continued Sullivan.
To help its customers avoid a similar fate, Microsoft announced its new Security Program for Azure IoT during IoT Solutions World Congress in Barcelona, Spain.
Microsoft already bakes security into its IoT offerings, George said. The program is aimed at businesses seeking additional security assurances and serves as a "matchmaking service" of sorts that facilitates contracting with security auditors.
Versed in Microsoft's internet of things ecosystem as well as in IoT security, participating partners can perform end-to-end security audits that encompass devices, gateways, cloud connectivity and practically everything in between, George said. The first batch of auditors include Casaba Security, CyberX, Praetorian and Tech Mahindra, with more to come as the program expands, he added.
Also on Oct. 26, Microsoft announced its Azure Certified for IoT device catalog, helping customers "cut through the technology clutter" of selecting products that meet their needs, said George.
"If you're currently an IoT customer, the Azure Certified for IoT device catalog will facilitate the search of the right device or family of devices," Hector Garcia Tellado, a senior program manager at Microsoft Azure IoT, wrote in a blog post. "You can now refine device search by multiple criteria, get instructions on how to connect to Azure IoT Suite and Azure IoT Hub, and even request a demo of the device from the manufacturer."