The Internet of Things is becoming increasingly prevalent in everyday life through wearable devices, smart cars, insulin pumps and a range of other objects, ultimately changing the way companies do business. The economic impact of the Internet of Things will be measured in trillions of pounds. The number of connected devices will be measured in billions. And the resultant benefits of a connected society are significant, disruptive and transformational.
However, with the IoT's amplified presence and increased market size (Gartner predicts there will be 26 billion units by 2020) comes increased concern over the security and privacy implications of having so many connected devices. The threats are real: we’ve all seen the headlines about hacked IoT devices, including insulin pumps, smart cars and even Fitbits.
Hackers effectively have an expanded surface area to attack, and protecting company intellectual property and customer data is more urgent than ever before.
In a recent survey, Capgemini found only 33% of organisations believe their IoT products are “highly resilient” against future cyber security threats. Wind River published a white paper on IoT security in January 2015 in which it stated that there is no silver bullet that can effectively mitigate all IoT security threats. Darron Antill, Device Authority CEO, goes one step further and believes that to achieve a robust, reliable IoT security solution, companies must adopt an entirely new approach to security, which focuses on four central elements:
- Ensure the security of the devices themselves
  Achieving reliable security for devices means ensuring that only authorised devices can transmit or receive data associated with an IoT service. The mechanisms for providing this device-focused security are:
  - Strong authentication (access control) for new and legacy network devices, ensuring data actually originates from a legitimate device and not a fraudulent substitute.
  - The ability to scale, so IoT service providers can efficiently and cost-effectively work with millions of devices.
- Protect the data with persistent encryption so it is secure both in transit and at rest
  The central principle in a security solution that protects the data is strong encryption, which turns data into a randomised string of numbers and letters (ciphertext) that is meaningless to anyone except users who have the right key to unlock the code. In an IoT environment, large volumes of data are in transit (moving between millions of devices) and at rest (in storage). A data-centric security solution must use strong encryption for data that is persistent, and ensure the data is encrypted both in transit and at rest.
- Enable lifecycle management of IoT devices
  IoT security solutions need to be highly adaptable. The services protected by security solutions will change as they are enhanced with new capabilities and develop greater sophistication. A security solution must, from the start, embody a mechanism for adapting throughout the lifecycle of an IoT product or service. A lifecycle approach is achieved when:
  - The software for all, or large numbers of, devices and users can be centrally and securely upgraded.
  - The IoT security solution works seamlessly with legacy devices as well as new devices.
- Implement a security solution that is device and workflow agnostic
  Security solutions will be most effective when they are device and workflow agnostic: they work with any type of device, and they are a functional add-on to any data workflow.
The IoT is a huge opportunity that is in its infancy. As it matures, manufacturers will modify devices, and the flow of data associated with services will inevitably change to accommodate new opportunities and an enhanced understanding of customer needs. The most effective security solutions will consider these unpredictable, but inevitable, changes irrelevant.
To find out more about choosing a security solution for IoT, download Device Authority’s free white paper.