How Can We Secure the Internet of Things?

Conceptually, the Internet of Things (IoT) is fascinating and exciting, but the key to gaining real business value from it is to ensure that there is effective synergy between all of the elements of the architecture. This will allow you to deploy applications faster, process and analyze data at lightning speeds, and make decisions as soon as possible.

In short, the IoT architecture can actually be represented by four systems:

  1. Things: These are defined as uniquely identifiable nodes; primarily, these are sensors that communicate without human interaction using IP connectivity.
  2. Gateways: These act as intermediaries between things and the cloud to provide the needed Internet connectivity, security and manageability.
  3. Network infrastructure: This category  is comprised of routers, aggregators, gateways, repeaters and other devices that control data flow.
  4. Cloud infrastructure: Cloud infrastructure contains large pools of virtualized servers and storage that are networked together.

Next-generation trends such as Social Networks, Big Data, Cloud Computing and Mobility have made many activities possible that were merely pipe dreams a few years ago. Additionally, there is a convergence of global trends and events that are fueling today’s technological advances and enabling innovation. For starters, governments are incentivizing investment in these new technologies and there are a multitude of efficiency and cost-reduction initiatives in key verticals. Mobile networks are also increasingly expanding and becoming more affordable, whereas wired and wireless communication systems are becoming more efficiently. Finally, costs are lower than ever, whether it’s reduced connectivity costs or lower manufacturing costs for smart devices.

All of these factors point to the Internet of Things (IoT) being the one big winner as a result of this entire ecosystem. Simply put, IoT creates new opportunities and provides a competitive advantage for businesses in both current and new markets. It touches everything – not just the data, but how, when, where and why you collect it. The technologies that have created the Internet of Things aren’t only changing the Internet, but rather the things connected to the Internet – the devices and gateways on the edge of the network that are now able to request a service or start an action without human intervention at many levels.

Because the generation and analysis of data is so essential to the IoT, consideration must be given to protecting data throughout its life cycle. Managing information at this level is complex because data will flow across many administrative boundaries with different policies and intents. Generally, data is processed or stored on edge devices that have highly limited capabilities and are vulnerable to sophisticated attacks.

Given the various technological and physical components that truly make up an IoT ecosystem, it is worthwhile to consider the IoT as a “system of systems”. The creation of these systems that provide business value to organizations are often a complex undertaking, as enterprise architects work to design integrated solutions that include edge devices, applications, transports, protocols, and analytics capabilities that make up a fully functioning IoT system. This complexity introduces challenges to keeping the IoT secure and ensuring that a particular instance of the IoT cannot be used as a starting point to attack other enterprise information technology (IT) systems.

Security, then, is a chief concern in this regard, as the International Data Corporation (IDC) estimates that 90% of organizations that implement the IoT will suffer an IoT-based breach of back-end IT systems by the year 2017.

Challenges to Secure IoT Deployments

Regardless of the role that your business has within the Internet of Things ecosystem – device manufacturer, solution provider, cloud provider, systems integrator, or service provider – you obviously want to know how to get the greatest benefits from these new technologies that offer such highly diverse and rapidly changing opportunities.

That said, handling the enormous volume of existing and projected data is daunting. Managing the inevitable complexities of connecting to a seemingly unlimited list of devices is complicated. Furthermore, the goal of turning the deluge of data into valuable actions seems impossible because of the many challenges. The existing security technologies will play a role in mitigating IoT risks but they are not enough. The goal is to get data securely to the right place, at the right time, in the right format; however, it’s easier said than done for many reasons. In a recent report, Cloud Security Alliance (CSA) listed some of the challenges:

  • Many IoT Systems are poorly designed and implemented, using diverse protocols and technologies that create complex configurations
  • Lack of mature IoT technologies and business processes
  • Limited guidance for life cycle maintenance and management of IoT devices
  • The IoT introduces unique physical security concerns
  • Limited best practices available for IoT developers
  • There is a lack of standards for authentication and authorization of IoT edge devices
  • No focus yet on identifying methods for achieving situational awareness of the security posture of an organization’s IoT assets
  • The uses for Internet of Things technology are expanding and changing – often in uncharted waters

Some real examples of threats and attack vectors that malicious actors could take advantage of are:

  • Control systems, vehicles, and even the human body can be accessed and manipulated causing injury or worse
  • Health care providers can improperly diagnose and treat patients
  • Intruders can gain physical access to homes or commercial businesses
  • Loss of vehicle control
  • Safety-critical information such as warnings of a broken gas line can go unnoticed
  • Malicious parties can steal identities and money
  • Unauthorized tracking of people’s locations, behaviors and activities
  • Ability to impersonate IoT devices.

 

Dealing with the challenges and threats

Gartner predicted at its security and risk management summit in Mumbai, India this year that more than 20% of businesses will have deployed security solutions for protecting their IoT devices and services by 2017. Still, IoT devices and services will expand the surface area for cyber-attacks on businesses, by turning physical objects that used to be offline into online assets communicating with enterprise networks. Businesses will have to respond by broadening the scope of their security strategy to include these new online devices.

Businesses will have to tailor security to each IoT deployment according to the unique capabilities of the devices involved and the risks associated with the networks connected to those devices. As such, BI Intelligence expects spending on solutions to secure IoT devices and systems to increase by 500% over the next four years.

The Optimum Platform

Developing solutions for the Internet of Things requires unprecedented collaboration, coordination, and connectivity for each piece in the system and throughout the system as a whole. All devices must work together and be integrated with all other devices, and all devices must communicate and interact seamlessly with connected systems and infrastructures. It’s possible, but it can be expensive, time-consuming and difficult.

All told, the optimum platform for IoT will acquire and manage data to create a standards-based, scalable, and secure platform, integrate and secure data to reduce cost and complexity while protecting your investment and finally analyze data and subsequently act by extracting business insights from the data.

Last word…

Security needs to be built into the foundation of IoT systems, with rigorous validity checks, authentication, data verification and encryption. At the application level, software development organizations need to improve at writing code that is stable, resilient and trustworthy; this can only happen with better code development standards, training, threat analysis and testing. As systems interact with each other, it’s essential to have an agreed interoperability standard which is safe and valid. Without a solid top-to-bottom structure, we will create more threats with device that is added to the IoT “network”. What we need is a secure and safe IoT that protects your privacy and provides business value – it sounds challenging, but it’s certainly not impossible.

This article was originally published on Ahmed Banafa’s LinkedIn. To learn more, please connect with him on LinkedIn or follow him on Twitter.

Share this Post

Leave a Reply

Your email address will not be published. Required fields are marked *