Can the new frontier of connected technology ever really be secured?
Nitin Thomas
Today smartphones are still seen as the dominant mode of connectivity. But – with everything from toothbrushes to cars gaining connectivity – the Internet of Things is set to become the new face of the digital world.
Research from Ericsson predicts that the 2.6 billion smartphone users around the world today will reach 6.1 billion by 2020. By contrast, according to Gartner, the 4.9 billion connected devices currently in use globally will increase to a staggering 25 billion by 2020.
Alongside the sheer volume of devices, the IoT encompasses a huge variety of different markets and technologies including but not limited to: connected cars and homes, medical devices and wearable technology. The smartphone market on the other hand is dominated by a handful of big players, with the majority of the market share held by Samsung or Apple and a limited selection of operating systems.
This combination of scale and scope represents the greatest challenge in keeping it secure. The most pressing challenge is the fragmented approach currently taken to security standards. Each OEM and vendor is currently taking their own approach to security provisions. We find there tends to be little communication between different companies, with few considerations towards interoperability.
This makes it difficult for communication between different devices to be done securely, as data generally needs to be decrypted and then re-encrypted to pass between different devices – creating a weak link in the network. Addressing this issue with more stringent security provisions can lead to an overly complicated and frustrating user experience. As we have seen with BYOD, users will often take short cuts to avoid dealing with security if it becomes too complicated, which can leave the network even more vulnerable.
The disparate approach to creating and deploying IoT devices has also seen a wide variety of different connection types used. 4G is becoming more common, but many use Wi-Fi and a large number are still connected through Bluetooth. Needing to transfer data across different transport modes – especially weak connections such as Bluetooth – creates yet another potential gap in security which could be exploited.
It’s also vital that no part of a network is overlooked. A connected fridge for example may seem like a low-risk device, but if not properly secured it could serve as a weak link in the network that puts important targets such as medical devices at risk.
The nature of devices used in the IoT has also created other security issues. Sensors are one of the most popular connected devices in use today, but low power devices such as these come with a unique challenge. Encryption algorithms have become increasingly complicated as quality has improved, necessitating larger amounts of processing power. While this isn’t an issue for most applications, remote devices such as sensors usually run on battery power, and overly taxing algorithms can severely drain their power. Ensuring tight security for a sensor network will do little good if the devices themselves are constantly running out of power.
Alongside the challenge in keeping an IoT network secure, managing the deployment of security on this scale is also becoming an issue. Networks that involve potentially hundreds of thousands, or even millions of devices are simply too big to fit within the commercial models currently available. I believe there is currently a gap in the market for a new commercial model tailored to the unique needs of the IoT.
Taken together, these issues make securing the IoT a serious undertaking. In particular establishing a unified security standard will be a very slow process, with the first step being the creation of individual standards for different use-cases based on their needs, such as automotive and medical.
Certainly this will not happen overnight, and I believe we will see several cases of data loss and breaches through the IoT on the way. As with all new technology however, each setback is a learning experience, and OEMs, vendors and security firms will improve as time goes on.
With the number of connected devices used in every aspect of business and home life skyrocketing however, the industry can waste little time, and more collaboration is needed now if we are to secure the future of the IoT.