From monitoring patients’ vitals to authenticating user credentials, governments worldwide are using the Internet of Things (IoT) to improve citizens’ quality of life, improve economic efficiency and enhance public services.

But harnessing IoT is not without risk. IoT devices are often built to prioritise reduced power consumption rather than cybersecurity, says Sean Hong, Regional Director of Strategic Alliance Cloud at cybersecurity firm Fortinet. This can make them vulnerable to hacks.

To continue benefiting from IoT, governments need to address these vulnerabilities. Hong shares the steps governments can take to protect critical data in their IoT devices and multi-cloud environments.

The risks with IoT

IoT devices can be vulnerable to cyber attacks because they are commonly designed without comprehensive security considerations. According to Hong, these devices use their computing power for effective performance, such as good radio connection, at the expense of security protocols like encryption.

This trade-off is necessary because IoT devices may be deployed in places that make replacement difficult, so their power has to last for as long as possible, explains Hong. A more power-consuming device will also be more expensive.

The risks with multi-cloud

Governments are turning to multi-cloud solutions to process the data collected by IoT devices. A multi-cloud refers to a combination of public clouds, such as those offered by AWS or Google, and private clouds.

Multi-cloud solutions allow organisations to access ready-to-use tools in the public cloud such as data analytics and AI, while giving them full control over how to secure their data. Unfortunately, data becomes more vulnerable as soon as it enters the cloud. Hong observes three common threats associated with multi-cloud platforms.

First, there is increased exposure to external attacks when IoT devices are connected to multi-cloud platforms. Most traditional security solutions are not able to stretch across the cloud platform to reach individual IoT devices, he adds, especially given the large number of devices in use today. The connection to multi-cloud platforms, while useful for rolling out services faster, increases the risk exposure for IoT devices.

Second, it is harder for organisations to maintain consistent visibility on all the activity happening across the multi-cloud platform, since the workflow is a lot more dynamic, Hong points out.

Third, the global cybersecurity and cloud skills shortage have made security misconfigurations commonplace on the cloud, resulting in higher risk of data breaches.

What governments can do

When embracing multi-cloud solutions, “it’s very important to have a wide security strategy that is aligned with the government agency’s overall business or digital transformation strategy,” says Hong. He also emphasises that security policies need to be consistent across the different clouds for a seamless cloud-to-cloud network. “They need to impose the same security policies and guidelines across the public and private cloud,” Hong says.

Next, the security measures also need to be able to automatically scale and expand together with the service. This could mean a regional or global expansion, Hong says.

Fortinet’s security fabric integrates all of an organisations’ networking and security measures. This allows IT teams to have a comprehensive overview of everything that’s going on in the network, and enforce security policies, he explains. This is particularly helpful for organisations using a multi-cloud platform.

Automation using AI is the “best way” to counter the cyber skills shortage, says Hong. Fortinet has worked closely with major public cloud providers to integrate their tools for tracking workflow, analysing suspicious events that pop up in the multi-cloud environment and automating security responses, says Hong. This can help to ease the burden on security teams.

It’s clear that governments will continue to deploy IoT at a phenomenal rate. Given their vulnerabilities, it is imperative that governments today begin to secure their IoT services, especially those connected to multi-cloud platforms.