If the Internet of Things (IoT) is dominating almost every conversation about technology, then security is most definitely top of mind in most IoT discussions, from redefining security principles and helpful tips on securing data, to alarmist allegories predicting the IoT’s impending doom.
The fact is that security is paramount for the safe and reliable operation of smart, connected products. There must be robust security management systems put in place to protect data transferring to and from products, to protect against unauthorized usage, and ensure secure access between systems.
The challenges associated with security won’t slow down the IoT; it’s already transforming how companies compete. Security issues will have to be addressed however. Let’s examine how the IoT will meet these challenges by playing to its own strengths.
Siloing exposed networks
Security-driven transformation will include intranets of things—which means smarter segmenting and the siloing of sub-networks based on exposure risk. According to Jayson O’Reilly, director of sales and innovation at South-Africa based securities firm DRS, businesses must “understand which devices are susceptible to malware infection, and figure out how these devices can potentially be isolated from the IoT.”
In other words, just because a company has smart, connected sensors and devices, doesn’t mean they need to be in direct network proximity of other connected devices, such as employee IP networks or data storage. Out of band (OOB) networks are beyond public reach, further improving security. On the consumer side , expect to see similar firewalls between user-facing inputs and displays and the IoT plumbing that connects smart homes and devices.
Leverage a diagnostic, fault-tolerant cloud
IoT/cloud advocates often tout the cloud’s ability to capture and reuse data, but cloud-based remote services are equally important. Consider two ways a basic network of smart agricultural sensors and machines could operate: One way is to have individual items collect and process data, operate based on the results, and incrementally pass data out to a cloud. A second and more effective way is to have sensors pass data to cloud applications, which process the data and return operational instructions to devices. Cloud applications remove limits on capabilities while lowering the cost and complexity of connected products.
By extension, cloud applications can also perform persistent diagnostics and data validation, ensuring devices and sensors have not been compromised. If a network were to be attacked, cloud backup applications simply restore data. Similar redundancies can be put in place at each firewall and junction point where data is being handed off between silos.
Standardization takes a back seat while vendors accelerate their time to market. As the IoT grows, standardization will become more important in building stronger security. Open standards inherently have broader support and more gurus with in-depth knowledge. These resources will be fundamental to protecting systems from malicious device/network attacks. Successful competitors in the IoT space will build hardware and software than can adapt to changing protocols and standards, rather than perpetuating proprietary systems.
Competition and capacity
A free-market approach will likely solve many security issues, particularly as service capacity is emphasized over product ownership. As products become smarter, more reliable, and easier to service and update, consumer dynamics will shift. The number and variety of products being leased for service capacities will grow. As a result, the vendors supplying the products face stiff competition to ensure up-time. Security threats rank high among concerns about both service stability and customer confidence.
New vendors are rushing to market and squaring off against traditional internet security providers like Symantec and McAfee. These vendors will have to deliver their own service capacity and demonstrate proven reliability that user data can’t be accessed, and that smart products can’t co-opted and subverted by hackers.
This is not an exhaustive list, but as the IoT evolves, these are some of the ways in which it will naturally change to embrace a more effective security model.