July 18, 2015

IoT Security: Getting It Right First Time

IoT security: getting it right first time

Introduction to IoT Security

Computer viruses and worms. It might not be one of the most well-known branches of history but it’s certainly a rich one.

Consider the transition from John von Neumann’s article on the ‘Theory of Self-Reproducing Automata’ in 1966, to the ILOVEYOU or Love Letter virus of 2000, thought to be one of the most damaging computer worms ever. Or the Flame malware identified in 2012, and often considered the most complex malware discovered.

Threats to IoT Security

The internet has moved from rudimentary computer connections once predicted to be of relevance to no more than a dozen or so people to a truly dominant global network. Likewise, computers have changed from room-sized monsters to sleek machines you can carry around in your handbag – or indeed, your pocket. These enhancements have changed our world forever – and incredibly rapidly.

But that very speed of development has left the internet incredibly vulnerable to malicious malware, as the history just touched upon goes to show. So, as the internet reaches the next stage in its expansion, with the Internet of Things (IoT), what lessons can we take from the original rise and rise of the internet?

Even within the high-speed world of the internet, the IoT is a real game-changer. Billions of devices, transmitting information to each other via billions and billions of internet connections. Businesses will be able to use data collected by everyday devices, generating new intelligence on their customers’ behavior. Consumers will be able save data on everything from their shopping habits to their exercise regimes. The IoT is exciting – it’s also enormous. Rather like the internet initially seemed in the 1990s, when cheaper personal computers and ever-faster phone lines started opening up its potential to a global audience.

Data Security in the IoT

One of the major problems with early attitudes to data security and the internet was frequent siloed approaches. In this brave new internet world, specialist IT security companies were always going to emerge, but they often focused on very specific stages in a data ‘food chain’. Information might be protected in storage in one place, but became vulnerable as soon as it was moved to another.

A second problem was the very speed at which the internet grew, and the plethora of different hardware and software providers that suddenly needed to work together. From computer manufacturers to telecommunications providers, website hosts to online shopping sites, suddenly the internet was demanding perhaps the greatest cooperation between different businesses the world has ever seen.

Both of these challenges should be front of mind to any business considering how to take advantage of the IoT.

First, the IoT data journey. When information is generated by, say, a person’s watch, and then both stored on that watch and transmitted via the IoT to a particular business, the watch supplier becomes a part of that business’s data chain. It’s vital that the organisation in question is able to marry its data security systems seamlessly with those of the watchmaker, to ensure that data generated is secured at the point of creation, not once it’s transferred across.

This also highlights the second challenge – the introduction of that third-party watch supplier (who, let’s not forget, may be very new to the entire internet/IT security landscape) into the IoT ecosystem. To what degree can our business trust the watchmaker’s security protocols (remembering that trust isn’t merely about morals and ethics, but about technological capability).

How Device Authority can Solve IoT Security Issues

It’s clear that robust data security in the IoT landscape requires systems that secure data at every point from creation through to transmission and storage – and systems that cooperate seamlessly with a wide range of third party suppliers. Such an approach has guided the development of Device Authority’s Security Platform.

If you’d like to start exploring how it could work for your business, and how you can avoid the mistakes of the first internet revolution, get in touch today.

James Penney