After the initial anticipation and hype surrounding IoT, the path to monetizing this major technology trend has started to become clearer. Device innovation combined with maturing tech frameworks and cloud infrastructure has enabled enterprises large and small to take advantage of the potential value inherent in IoT. Adoption is growing steadily. Devices are proliferating. So it’s high time we tackled the thorny subject of IoT security.
Security fears are consistently cited in relation to the IoT, but what steps are enterprises taking to protect their IoT systems? A recent Microsoft survey suggests an interesting disparity between respondents’ generic concerns about the IoT, versus real concerns during an IoT implementation: “Even though 97 percent said that they had concerns about the security of IoT devices, less than one in five said that security posed a challenge during implementation.” This disconnect is disconcerting. To me, it suggests enterprises are not appreciating the full scope of what’s required in today’s smart-enabled, device-laden, partly-autonomous digital economy. When it comes to securing the IoT, enterprises need to consider the privacy vulnerabilities inherent in the entire system.
What this means from an engineering perspective is that security needs to be baked in from initial design, through testing, and then through launch, maintenance, and even exit. Going further, each IoT initiative must be understood as it relates to the organization’s existing IT infrastructure. The IoT has enormous benefits for business, but it also exposes businesses and consumers by expanding the surface area for attacks considerably. Or to put it more starkly, when we talk about the proliferation of IoT devices, it’s equivalent to talking about the proliferation of potential access points for cybercriminals. This means that IoT changes the game when it comes to threat detection and makes increasing demands on our user data privacy management systems. While consumers are somewhat used to data breach stories involving personal and even financial data, the IoT devices behind our smart homes or smart cars mean that hackers can now target us in new, chilling ways. The boundaries between cyber and physical crime can be blurred in the form of home invasions, car theft, and a host of other illegal activities, enabled by poor IoT security. Hackers do not even need to act out their threats: the rise in ransomware has left many businesses and consumers paying the bad guys in order to regain control of their devices and networks.
It is clear that as IoT goes mainstream, there needs to be a step-change in the way organizations approach security. Securing the entire system is vital, which is why security measures need to be understood and applied by everyone involved in the IoT lifecycle.
Digital engineering with security at the center
Let’s start with the design and build phase. We’ve long championed the DevSecOps approach to digital engineering. For IoT initiatives, it is the best route to more secure products not only because security and privacy are severe considerations from the design stage onwards but because DevSecOps approach enables nimbler operations, faster releases, and (hopefully) CI/CD.
Putting IoT to the test
In their eagerness to capitalize on the IoT opportunity in a highly competitive segment, enterprises may be tempted to accelerate launch plans. With a software-only product, subsequent updates are relatively more straightforward, but with IoT launches, organizations need to be 100% sure they’ll achieve the UX they are aiming for. Robust testing is key to reducing risk, understanding new requirements, and ultimately saving time and money. Infostretch’s Labs-as-a-Service is a popular option in such cases because it allows organizations to get to launch faster with less investment in expertise, infrastructure, tools, and devices.
Scale-up threat detection
The introduction of increasing numbers of IoT devices has changed the task of threat detection for enterprises. Malware, ransomware, and botnets all now target IoT systems. These systems are harder to patrol, too, so there’s a growing threat from smaller-scale security breaches. They may not grab the headlines, but they can wreak a lot of damage. The use of AI and ML can help do the heavy lifting here. Technologies like blockchain have a role to play in guaranteeing digital supply chains are beyond reproach too.
There are many relatively simple measures that individuals can take to make themselves less exposed to cyber criminals. Changing default passwords is easy, for example, and should be strongly encouraged as part of the set-up process.
The IoT opportunity is now within reach. Delivery teams must navigate a variety of developmental considerations, of which security requirements, user privacy, and industry-specific compliance are all significant players. If you are planning an IoT initiative and need some advice, why not put us to the test? Leave a comment or contact us below.