{"id":10044,"date":"2023-03-29T12:42:51","date_gmt":"2023-03-29T19:42:51","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=10044"},"modified":"2023-07-19T11:58:50","modified_gmt":"2023-07-19T18:58:50","slug":"creating-security-controls-for-iot-devices-at-microsoft","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/creating-security-controls-for-iot-devices-at-microsoft\/","title":{"rendered":"Creating security controls for IoT devices at Microsoft"},"content":{"rendered":"
Microsoft Digital Employee Experience (MDEE) is building an integrated security controls strategy for Internet of Things (IoT) devices that interact with corporate data or that help ensure human life safety. The IoT consists of all the connected devices that can collect and process data. It represents a new and evolving landscape, in which technology is further integrated into our personal and work environments, driving productivity, efficiency, and convenience.<\/p>\n
As technology continues to evolve, groups across Microsoft are using the IoT to automate monitoring, work tasks, and accessing information. The IoT provides efficiency and convenience at Microsoft campuses by automating conference room devices, monitoring datacenters, monitoring and controlling smart building systems, and interacting with HoloLens devices. Other segments at Microsoft, including manufacturing, sales, and retail, use solutions that are built on IoT devices. Many employees regularly use the IoT outside of work for home appliances and smart vehicles.<\/p>\n
Our cloud-only future has new rules, including anything that can be connected, will be connected<\/em>. We are designing security controls and practices to address the sheer number of devices and security paradigm shifts that come with moving our business assets to the intelligent cloud, using the intelligent edge<\/a> and its millions of IoT devices.<\/p>\n Things are moving fast; the IoT industry is growing and evolving. There are thousands of different devices and manufacturers, which causes some industry-wide concerns about whether IoT devices can be managed securely and reliably. Our traditional methods for securing devices and data were based on the assumptions that devices can be monitored, information can be encrypted, and the flow of data could be monitored by human oversight. IoT devices often have no intelligence of their own and constantly collect and process small amounts of data, which makes them difficult to monitor.<\/p>\n We have not yet implemented a dedicated tracking system for all IoT efforts at Microsoft, but we are working closely with known IoT initiatives, including:<\/p>\n We are creating comprehensive use cases that define the risks, impacts, and probability for each threat.<\/p>\n We define and document threats and risks for each type of device, and we use the scope of impact to define the enterprise risk level for each enterprise scenario. A simple IoT sensor that can detect a person might be used to turn up the lighting in a walkway\u2014it could also be used by a rescue and response team to find people in a disaster. Even the simplest sensor can be used in a critical scenario, so we needed to develop a strategy to help us define high-risk scenarios and how we can implement controls and policies to help mitigate risks. Appendix A contains a more comprehensive list of some known threats and our mitigation strategies.<\/p>\n We decided to focus on establishing a standard and baseline set of controls high-risk enterprise scenarios first. 
These scenarios represent our core business functions. Any loss of these systems would have a substantial impact on the daily operation and business interest of the company. Other high-risk enterprise scenarios include the loss or misuse of devices that could result in physical harm to people, property, or equipment. For high-risk scenarios, we use the highest level of controls, including:<\/p>\n We are developing more medium-risk enterprise scenarios as we become more reliant on IoT data for planning, modeling, and developing app features. Compromise or loss of this type of data can lead to tangible business impacts. For medium-risk scenarios, we established recommendations for information security, including:<\/p>\n While controls and mechanisms should be put in place for low-risk scenarios, they are not the focus of our IoT security standards. These items present minimal risk if they are rendered unusable. Low-risk IoT devices should not have substantial business efforts built upon their availability or data. For low-risk scenarios, we established recommendations for information security, including:<\/p>\n To help us manage the diversity of IoT devices, we have settled on a few different ways to classify them, starting with how much we know about the device and how it works.<\/p>\n Based on hardware capabilities, we identify the \u201csmartness\u201d of each device and classify it into one of four categories:<\/p>\n We are working to help ensure that developers follow best practices or guidance for building secure solutions while we work on developing specific guidance for securing IoT devices or management consoles. We are developing security standards and control procedures that will be embedded into current and future IoT projects. 
Until the efforts to publish our IoT standards and policies are complete, we are using additional baseline activities, including:<\/p>\n As the importance of the IoT expands in the corporate environment, so does the need to expand and improve our security mechanisms. At Microsoft, we\u2019re continuing to work internally and with our partners to develop better controls that will help address some of the risks that the IoT presents. Ongoing efforts to expand and improve our IoT baselines will ensure adherence to the practices outlined above.<\/p>\n Internally, we\u2019re expanding our efforts to generate and maintain a comprehensive asset inventory of IoT devices. We are coupling this effort with work related to our Supplier Solution Security Program that will help us manage the onboarding and procurement of secure IoT devices. This data will help us better understand the impact IoT has on our network and allow us to better respond to future incidents or risks.<\/p>\n Additionally, network segmentation efforts are underway to help protect high-risk IoT implementations from informational works and non-critical devices.\u00a0 This network management ability can help is better monitor critical resources and turn off non-essential connections and protocols.<\/p>\n As the IoT continues to accelerate and businesses realize the immense benefits, the next breakthrough capability from Microsoft will enable IoT devices to evolve\u2014bringing intelligence to the edge. While the benefits of edge intelligence are exciting, it will pose new challenges in the way we develop, deploy, and manage IoT devices in a secure and scalable way.<\/p>\n Microsoft Azure IoT Edge<\/a> was introduced recently, and it brings together ways to help us extend our existing IoT gateway offering<\/a>. 
Azure IoT Edge will help make the secure distribution of cloud intelligence easier.<\/p>\n <\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Microsoft Digital Employee Experience (MDEE) is building an integrated security controls strategy for Internet of Things (IoT) devices that interact with corporate data or that help ensure human life safety. The IoT consists of all the connected devices that can collect and process data. It represents a new and evolving landscape, in which technology is […]<\/p>\n","protected":false},"author":133,"featured_media":10046,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":true,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[407,115],"coauthors":[646],"class_list":["post-10044","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-enterprise-mobility-and-security","tag-microsoft-azure","program-microsoft-digital-technical-stories","m-blog-post"],"yoast_head":"\nBusiness challenge<\/h2>\n
Implementing IoT security controls<\/h2>\n
\n
Defining enterprise scenario risk levels<\/h3>\n
High-risk enterprise scenarios<\/h4>\n
\n
Medium-risk enterprise scenarios<\/h4>\n
\n
Low-risk enterprise solutions<\/h4>\n
\n
Classifying IoT devices<\/h3>\n
\n
\n
Designing security standards and control procedures<\/h3>\n
\n
<\/p>\n
<\/p>\n
\n
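<p>The asset inventory and network segmentation work described above, together with the "capability to detect new sensors/devices that are connected" mitigation listed repeatedly in Appendix A, can be turned into a concrete detection check. The following is an added example written for this page, not code from Microsoft or the IoT program it describes. It parses constructed DHCP lease log lines (the syslog-style format, the inventory schema, the device names, MAC addresses and VLAN numbers are all assumptions made for the example), compares each lease against the inventory, and reports four conditions: a non-critical device assigned to a high-risk segment, an unknown device, an unknown device that has landed on a high-risk segment, and an inventoried device appearing on a VLAN other than its assigned one.</p>

```python
"""Added example (not Microsoft's code): audit DHCP lease events against an
IoT asset inventory to spot newly connected devices and segmentation breaks.
Inventory schema, log format, MACs and VLAN numbers are all hypothetical."""
import re
from collections import namedtuple

# Constructed inventory. "risk" follows the page's high/medium/low levels and
# "device_class" follows the Appendix A columns (sensor, firmware, firmware_os,
# field_gateway). Each device has exactly one assigned VLAN.
INVENTORY = [
    {"mac": "00:1a:2b:3c:4d:01", "name": "bldg7-occupancy-sensor-12",
     "device_class": "sensor", "risk": "high", "vlan": 310},
    {"mac": "00:1a:2b:3c:4d:02", "name": "dc2-temp-gateway-03",
     "device_class": "field_gateway", "risk": "high", "vlan": 310},
    {"mac": "00:1a:2b:3c:4d:03", "name": "conf-room-4-display",
     "device_class": "firmware_os", "risk": "low", "vlan": 410},
    {"mac": "00:1a:2b:3c:4d:04", "name": "lobby-kiosk-01",
     "device_class": "firmware_os", "risk": "low", "vlan": 310},
]

# Constructed DHCP server log lines in a hypothetical syslog-style format.
SAMPLE_LOG = """\
2023-03-29T19:42:51Z dhcpd: DHCPACK on 10.31.0.17 to 00:1a:2b:3c:4d:01 (sensor12) vlan 310
2023-03-29T19:42:53Z dhcpd: DHCPACK on 10.31.0.18 to 00:1a:2b:3c:4d:02 (gw03) vlan 310
2023-03-29T19:43:10Z dhcpd: DHCPACK on 10.41.0.55 to 00:1a:2b:3c:4d:03 (display) vlan 410
2023-03-29T19:44:02Z dhcpd: DHCPACK on 10.31.0.99 to 5C:CF:7F:11:22:33 (esp-112233) vlan 310
2023-03-29T19:45:30Z dhcpd: DHCPACK on 10.41.0.56 to 00:1a:2b:3c:4d:01 (sensor12) vlan 410
2023-03-29T19:45:31Z dhcpd: DHCPDISCOVER from aa:bb:cc:dd:ee:ff via eth0
"""

# Only DHCPACK lines prove an address was actually handed out; DISCOVER and
# OFFER lines do not match the pattern and are skipped.
LEASE_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"\((?P<host>[^)]*)\) vlan (?P<vlan>\d+)",
    re.IGNORECASE,
)

Lease = namedtuple("Lease", "ip mac host vlan")
Finding = namedtuple("Finding", "kind mac detail")


def parse_leases(log_text):
    """Extract (ip, mac, host, vlan) from each DHCPACK line. MACs are normalised
    to lower case so inventory lookups are case-insensitive."""
    leases = []
    for line in log_text.splitlines():
        m = LEASE_RE.search(line)
        if m:
            leases.append(Lease(m["ip"], m["mac"].lower(), m["host"], int(m["vlan"])))
    return leases


def audit(leases, inventory):
    """Return findings: inventory-level checks first, then one per offending lease."""
    by_mac = {d["mac"].lower(): d for d in inventory}
    high_risk_vlans = {d["vlan"] for d in inventory if d["risk"] == "high"}
    findings = []

    # Segmentation hygiene: a non-critical device assigned to a high-risk VLAN
    # defeats the purpose of isolating high-risk implementations.
    for d in inventory:
        if d["risk"] != "high" and d["vlan"] in high_risk_vlans:
            findings.append(Finding("shared_segment", d["mac"].lower(),
                                    f"{d['name']} ({d['risk']} risk) assigned to high-risk vlan {d['vlan']}"))

    seen_unknown = set()
    for lease in leases:
        device = by_mac.get(lease.mac)
        if device is None:
            if lease.mac in seen_unknown:  # alert once per unknown MAC, not per renewal
                continue
            seen_unknown.add(lease.mac)
            kind = ("unknown_device_on_high_risk_segment" if lease.vlan in high_risk_vlans
                    else "unknown_device")
            findings.append(Finding(kind, lease.mac,
                                    f"{lease.host} received {lease.ip} on vlan {lease.vlan}"))
        elif lease.vlan != device["vlan"]:
            # Known device, wrong segment: a moved cable, a spoofed MAC, or a
            # misconfigured port, all of which merit a look.
            findings.append(Finding("segment_violation", lease.mac,
                                    f"{device['name']} expected vlan {device['vlan']}, seen on vlan {lease.vlan}"))
    return findings


if __name__ == "__main__":
    for f in audit(parse_leases(SAMPLE_LOG), INVENTORY):
        print(f"{f.kind:40} {f.mac}  {f.detail}")
```

<p>On the constructed log this reports the kiosk sharing the high-risk VLAN, the unknown ESP-style device that obtained an address on that same VLAN, and the occupancy sensor showing up on the low-risk VLAN. DHCPACK is used as the ground truth because it is the one event showing an address was actually assigned; in a production deployment the same audit would run over 802.1X authentication logs or switch MAC tables, and an unknown device on a high-risk segment would be routed to the incident response queue rather than to a report.</p>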
<h2>Appendix A: Known threats and mitigations</h2>

<p>The three mitigation columns correspond to device classes: a bare sensor, a device running firmware only, and a device running firmware plus an operating system, or a field gateway. "N/A" means the device class cannot support a mitigation for that threat.</p>

<table>
<thead>
<tr><th rowspan="2">Resource</th><th rowspan="2">Threat</th><th colspan="3">Mitigations</th></tr>
<tr><th>Sensor</th><th>Firmware</th><th>Firmware + OS, Field Gateways</th></tr>
</thead>
<tbody>
<tr><td>On device data, asset loss</td><td>Lost or stolen device</td><td>Physical security</td><td>Encryption of data-at-rest, physical security, password/PIN policy</td><td>Encryption of data-at-rest, screen lockout policy, password policy, physical security</td></tr>
<tr><td>On device data</td><td>Lost or stolen hard drive</td><td>Physical security</td><td>Encryption of data-at-rest</td><td>Encryption of data-at-rest</td></tr>
<tr><td>Removable media</td><td>Lost or stolen media</td><td>Physical security</td><td>Encryption of data-at-rest</td><td>Encryption of data-at-rest</td></tr>
<tr><td>Removable media</td><td>Malware transport</td><td>N/A</td><td>N/A</td><td>AM/AV, disable Autorun</td></tr>
<tr><td>Corporate credentials</td><td>Malware</td><td>N/A</td><td>DNS/URL/IP blacklisting</td><td>AM/AV, device hardening</td></tr>
<tr><td>Corporate credentials</td><td>App spoofing</td><td>N/A</td><td>DNS/URL/IP blacklisting</td><td>App whitelisting</td></tr>
<tr><td>Device ransom, online ad theft, credential theft, data theft</td><td>Malware</td><td>N/A</td><td>Patching, DNS/URL/IP blacklisting</td><td>Anti-malware, jailbreak detection and reversal, patching, application blacklisting, DNS/URL/IP blacklisting</td></tr>
<tr><td>Accidental data exfiltration</td><td>User saves to insecure site</td><td>N/A</td><td>Data-in-transit DLP</td><td>Data-in-transit DLP</td></tr>
<tr><td>Accidental data deletion</td><td>Delete of network master</td><td>N/A</td><td>N/A</td><td>Backup where applicable</td></tr>
<tr><td>Terminated employee</td><td>Credentials not terminated upon end of employment</td><td>N/A</td><td>N/A</td><td>Domain credentials required, blocking inbound remote access tools (such as LogMeIn, TeamViewer), application blacklisting, 802.1X (wireless auth), JIT access where applicable</td></tr>
<tr><td>Terminated employee</td><td>48-hour delay before credentials are invalid</td><td>N/A</td><td>N/A</td><td>Remove where supported: email sync, O365 access, remote access, RMS-protected document access; domain logins to devices disabled in AD/AAD</td></tr>
<tr><td>Malicious SDK/firmware</td><td>Bad code in dev base</td><td>Evaluation of device/firmware</td><td>Evaluation of device/firmware</td><td>Hardware-rooted trust, evaluation of firmware/device, code signing, secure boot</td></tr>
<tr><td>Device</td><td>Tampering of device</td><td>Physical security</td><td>Capability to detect new sensors/devices that are connected</td><td>Capability to detect new sensors/devices that are connected</td></tr>
<tr><td>Data</td><td>Loss of data in transit between sensor and controller</td><td>Encryption of data-in-transit</td><td>Capability to detect new sensors/devices that are connected</td><td>Capability to detect new sensors/devices that are connected</td></tr>
<tr><td>Data</td><td>Loss of data in transit between controller and services</td><td>N/A</td><td>Encryption of data-in-transit</td><td>Encryption of data-in-transit</td></tr>
<tr><td>Device</td><td>Fake sensor</td><td>Physical security</td><td>Capability to detect new sensors/devices that are connected</td><td>Capability to detect new sensors/devices that are connected</td></tr>
<tr><td>Device</td><td>Fake device</td><td>N/A</td><td>Physical security</td><td>Physical security</td></tr>
<tr><td>Data</td><td>External factors contributing to falsified sensor readings</td><td>Physical security, quality control</td><td>N/A</td><td>N/A</td></tr>
</tbody>
</table>