SECURITY IN THE TIMES OF IoT

October 4, 2016 | By Comodo

IoT: Unprecedented expansion

Internet of Things (IoT) is now part of our daily life. The internet has pervaded our day-to-day lives like never before and internet connectivity is now used in all kinds of household and consumer gadgets too. We have smart cars and medical appliances that use internet connectivity to deliver better functionalities; we have watches, garden equipment, smart homes, wearable technology- all these and much more that depend on internet connectivity. The internet has revolutionized transportation, healthcare, communication and many other fields of human activity. We can control and operate devices remotely and thus have greater functionality at our fingertips.

Leading IT research and advisory company Gartner forecasts, in a press release about Internet of Things, that ” 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected every day.”

The other side of the picture

Let’s not forget that with life getting smarter and smarter because of IoT devices, hidden risks too are increasing and we need to get smart enough to identify, combat and minimize these risks.

The greatest risk pertains to security and data privacy; we hear of hacking and data-breach happening almost every day. Hackers hack into the network of a hotel chain or a hospital and get away with sensitive personal information relating to hundreds of people. The personal information thus collected, including credit card data etc, is used to rob people of their money and even cause further damage. We hear of hackers taking control of the network controlling smart cars or even medical devices.

Thus, while IoT opens up a whole ocean of possibilities and opportunities before us, it also bestows on us a sense of added responsibility. As we get smarter and smarter as regards using internet technology to our advantage, we need to get increasingly smarter on security as well. For this, we need to first understand the challenges that we may have to face as regards IoT, especially when we design and manufacture products that might have to compromise on security aspects owing to a host of factors. For example, in a bid to manufacture low-cost devices with low-cost components, companies could be forced to compromise on security. Similarly, if the software language used in a device is poorly architected, it could lead to compromising on security. Thus when update cycles and device lifecycles take longer to implement, security vulnerabilities may increase. Unpatched devices can lead to hackers exploiting vulnerabilities in the software to steal data or gain control of user behavior. Sometimes manufacturers of IoT devices compromise on security capabilities, like SSL encryption and authentication, to enhance system performance and that has serious consequences.

Security should be top priority

Security thus has to be accorded top priority and has to be incorporated as a fundamental part of the design process itself, for any IoT device. This would be better than adding it later, for example, in the form of an antivirus software or an antimalware product. In fact, web security should be considered along with cost, performance  and other such factors while conceiving and designing a device itself. Hence for any IoT device researcher and manufacturer, it becomes imperative to identify and address security risks and trace those risks, making all efforts to look for vulnerabilities and patch the same.

During the development stage, unnecessary functionalities that could contribute to increasing the attack surface have to be removed. A proper and secure update mechanism too needs to be incorporated into the device.

A good leadership, plus excellent support from security experts within the organization, could thus contribute to maintaining high standards as regards security and then only would we be able to make the most of IoT as a technology.

Be Sociable, Share!

    Add new comment

    Your name
    Comment

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>