Embracing Zero Trust for IoT and OT: A Fundamental Mind Shift

Sandeep Kumar | January 28, 2021
Securing any network begins with understanding every connected user and device and every bit of data they are trying to access. This is a basic premise of any security framework—including Zero Trust. Clearly, you need to know who is trying to access what before you can create appropriate enforcement policies and controls.
But what happens when devices become users?
Zero Trust requires that security start with the user, but interestingly, it’s not limited to the user identity. Security must focus on where the threat is most likely to occur. IoT, OT and network-enabled smart devices introduce a massive area of potential compromise for networks and enterprises. As a result, security architects are being forced to re-examine the concept of identity. Essentially, every connected thing has an identity and must be under consideration within the Zero Trust Framework—users, devices, virtual infrastructure and cloud assets.
Consider this:
Don’t stereotype—every device is unique
Truly understanding devices requires much more than simply identifying their IP addresses, manufacturers and model numbers. It’s important to gain detailed insight into every device on the network, including its business context and potential for risk. This is where accurate situational awareness makes all the difference.
Let’s look at a common category of IoT devices: IP-connected cameras. The same camera often performs very different functions. For example, is the camera used for video surveillance or for video conferencing? In financial services, the camera might be used to monitor customers during transactions or built into an ATM for scanning check deposits. The video feeds from each of these cameras need to share communication paths with different data center applications and cloud services. As such, the concept of device identity and context is foundational for Zero Trust security.
Zero Trust considerations for IoT and OT
Creating a Zero Trust architecture requires in-depth understanding of all IoT and OT systems on the network, so you can make context-based segmentation decisions to reduce business risk without unduly impacting availability. To truly embrace Zero Trust across your enterprise network, here are some things to consider:
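As an added illustration of the segmentation point above (this is example code, not Forescout's code or product logic), the following Python sketch turns device identity plus business context into per-device rules using the IP camera scenario: same vendor and model, different function, different allowed communication paths, with unknown context quarantined rather than guessed. The inventory, destination groups, subnets and ports are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    ip: str
    vendor: str
    model: str
    function: str  # business context, e.g. "surveillance", "conferencing", "atm_deposit"


# Constructed policy: the only destination groups each camera role may reach.
ALLOWED_DESTINATIONS = {
    "surveillance": {"vms-recorder"},
    "conferencing": {"uc-cloud"},
    "atm_deposit": {"check-imaging"},
}

# Constructed destination groups: (subnet, TCP port). Not real infrastructure.
DESTINATION_GROUPS = {
    "vms-recorder": ("10.50.1.0/24", 554),
    "uc-cloud": ("203.0.113.0/24", 443),
    "check-imaging": ("10.60.7.0/24", 8443),
}


def build_rules(devices):
    """Return (src_ip, dst, port, action) tuples; every device ends in default deny."""
    rules = []
    for d in devices:
        allowed = ALLOWED_DESTINATIONS.get(d.function)
        if allowed is None:
            # Identity is known but business context is not: quarantine, don't guess a path.
            rules.append((d.ip, "any", "any", "quarantine"))
            continue
        for group in sorted(allowed):
            subnet, port = DESTINATION_GROUPS[group]
            rules.append((d.ip, subnet, port, "allow"))
        rules.append((d.ip, "any", "any", "deny"))
    return rules


# Constructed inventory: identical make and model, different business context.
CAMERAS = [
    Device("10.1.1.10", "ExampleCam", "X100", "surveillance"),
    Device("10.1.1.11", "ExampleCam", "X100", "conferencing"),
    Device("10.1.1.12", "ExampleCam", "X100", "atm_deposit"),
    Device("10.1.1.13", "ExampleCam", "X100", "unknown"),
]

if __name__ == "__main__":
    for rule in build_rules(CAMERAS):
        print(rule)
```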
Forescout is the vendor for Zero Trust IoT/OT focused security—just ask Forrester.
According to The Forrester Wave™: Zero Trust eXtended Platform Providers, Q4 2019, “IoT/OT device security is one of the hardest problems to solve within the enterprise. This is Forescout’s sweet spot.” In fact, Forescout is the only company recognized specifically for IoT and OT focused security in Forrester’s 2019 Zero Trust Wave.
The report’s authors also noted, “[Forescout’s] platform and capabilities for IoT/OT security shine above those of the competition. Maximum visibility, leading to maximum operational control and, ultimately, security, is the crux of Forescout’s approach to Zero Trust.”