Thomas Fischer, global security advocate at Digital Guardian, assesses the role security will play in the IoT and argues that manufacturers must return to the drawing board to find a sustainable, long-term solution.
For a while now, the issue of IoT security has been a growing problem that few want to face up to. The technology industry is renowned for its fast pace and the advantages of being first to market can often be significant, so it’s no surprise to see new IoT products being released at a furious rate. Unfortunately, this rush to market can often result in products and devices that are vulnerable to cyberattacks.
For manufacturers, the IoT is a particularly difficult nut to crack. In addition to time pressures, the demand for user friendliness – combined with highly stringent cost controls – means that, even if the will is there, finding a fast, cost-efficient security solution can be a challenge.
One major problem is that many IoT devices still use extremely cheap processing units akin to something that would have been used several decades ago, only on a much smaller scale. These kinds of processors lack both the memory capacity and input mechanisms required to conduct the regular security updates and patches that would normally take place on PCs and mobile phones.
With the lifespan of some IoT devices now expected to exceed ten years, the security issue this presents is a growing cause for alarm. The threat landscape is a highly dynamic environment and devices that can’t be patched are vulnerable not only to the threats that are out there today but also to all threats that emerge after the device has gone to market.
A new approach to IoT security is needed
Fortunately, organisations are starting to take note. The IoT Security Foundation is driving the creation of new standards and enlisting companies to work together to improve the overall security of IoT devices from the ground up. Elsewhere, the GSM Association (GSMA) has recently produced a set of major guidelines around IoT security best practice.
But in order for businesses to make meaningful security improvements, changes must take place at the design phase, not as an afterthought prior to launch. Security must also be considered from a variety of different angles including software, hardware and the network if it is to be effective.
1) Secure software: Building new devices on a foundation of robust and secure software is critical. Best practice encompasses a variety design considerations including:
Proper and secure authentication for each individual device, so organisations can quickly confirm that any individual device is the one it claims to be
The use of secure coding practices, focusing on QA and vulnerability identification as part of the development lifecycle in order to streamline security and mitigate risks
Industry standard encryption of all data flowing between the IoT device and backend servers, meaning that even if the data is intercepted, it is meaningless without the correct encryption key
Making provision for the deployment of new firmware on the device over time. Moving to more advanced and versatile processing units will allow device software to be […]
The post Effective IoT security must begin at the drawing board appeared first on IoT Now – How to run an IoT enabled business.
Read more here:: www.m2mnow.biz/feed/Posted on: January 9, 2018