September 24, 2015

Data Security & the Internet of Things – Square Peg, Round Hole?

The role of the channel in IoT Security

Existing Data Security solutions, specifically encryption services, have largely evolved to service the demand generated by secure human interaction with digital information.

With this I mean the simplification of an otherwise complex technology in areas such as email communications, file and folder security and disk encryption. A handful of security solutions, once again specifically for the encryption of data, have emerged to address the demands of Machine to Machine (M2M) communications. These have largely been based on proprietary technologies and have been created to address specific needs within industry verticals. With the seemingly unstoppable, strident, evolution of the next phase of M2M, namely IoT, how can data traversing IoT ecosystems be expected to remain secure and therefore trusted?

Practically every conversation and presentation on the benefits of IoT, particularly industrial IoT, is framed by the criticality of security, so it is clear that everybody understands the need for something robust and scalable. That being the case why is there such a massive dependency on transport level security measures, all of which have been proven to fall short when it comes to delivering a secure mechanism for the delivery of sensitive information.

How can industry be expected to embrace the multitude of benefits that are undeniably associated with the adoption of IoT when security at a data level is largely being ignored. Common wisdom and consensus dictates that robust methods for the protection of information should be built into systems from the outset.

“There is a small — and rapidly closing — window to ensure that IoT is adopted in a way that maximizes security and minimizes risk,” a draft 2014 report from the National Security Telecommunications Advisory Committee stated. “If the country fails to do so, it will be coping with the consequences for generations.”

Have we learnt nothing from the mistakes of the last 25 years of internet connected computing. Is it already too late? Is history about to repeat itself? HOW DO WE SQUARE THE HOLE?

James Penney