Security and collaboration will drive IoT adoption
Manfred Kube, Gemalto
We recently saw the Internet Society (ISOC) calling for more standards to be adopted within the Internet of Things, writes Manfred Kube, the head of M2M segment and offer marketing at Gemalto. Releasing a whitepaper discussing the issues and challenges of IoT, the ISOC is urging vendors and users of IoT devices and systems both have a collective obligation to ensure they do not expose IoT stakeholders, and the internet itself, to potential harm.
Widely regarded as the hottest topic in high-tech, the Internet of Things (IoT) is attracting the attention of countless enterprises and organisations across an equally diverse array of industries. All are looking to exploit the potential of a world in which machines are communicating with each other and us every day.
However, a significant number of these stakeholders are failing to recognise and address the serious security issues that can accompany IoT applications. Unfortunately, the very nature of IoT applications being connected to a global network makes them vulnerable to cyber-attack and having a personal loss at risk, consumers too must realise this.
Whilst open to a variety of definitions, the majority of IOT devices are comprised of common elements and characteristics which are: a series of remote sensors wirelessly gathering and sharing data and utilising a central cloud-based application; which stores the data involved.
There is no shortage of potential threats. Indeed, in terms of grabbing headlines in the electronics sector, hacking is one of the few stories that can rival the IoT for media coverage.
In developing an effective response, risk assessment is the obvious first step. It must be recognised that successfully hacking an apparently minor element of the infrastructure can potentially open the door to the entire network and its central data storage facility.
While security strategies should be tailored to the unique characteristics of each application, the fundamentals of an effective approach are common to all:
- Authentication/identification – each device must identify itself and prove its right to access the system
- Confidentiality – data transmitted must be encrypted effectively, ensuring it is of no value even when stolen
- Integrity – ensuring what is sent is actually what was intended to be sent
- Non-repudiation – incontrovertible proof of the validity and origin of all data transmitted
Willingness to share sensitive data – for example, in the form of mobile banking – is one of the sticking points when it comes to the threats within the digital domain. To commit to these new channels of communication, trust needs to be established and maintained.
And exactly the same rules apply for the IoT. The new ecosystems that are being visualised and created will only thrive if end users, enterprises and other organisations have complete faith in their ability to protect sensitive data over the long term.
In terms of the opportunities to deliver new services, standards and revenue streams, the IoT genuinely merits the hype and headlines currently being generated. Working on the basis that whatever can be hacked, will be hacked, solutions that provide effective protection for stakeholders must be built into the DNA of every IoT application from the outset.
The most fundamental lesson lies beyond simply identifying and applying the correct hardware, software and processes. For IoT deployments to truly fulfill their potential, those behind them need to appreciate that success ultimately rests in creating ecosystems that are as dynamic as they are trusted – and as open and accessible to new providers and end users as they are resistant to the myriad of threats that now occupy cyberspace.
The ISOC has identified this as security as the main facilitator in bringing companies and users into a truly connected world. Collaboration is absolutely key, vendors must ensure they are prioritising security before rushing products to market, and consumers must accept their own responsibility in protecting themselves from potential threats. By creating this, the opportunities within this fantastic technology are endless.