Latest Posts

Latest Comments


IoT: saviour or security risk?


Posted by |

The Internet of Things (IoT) has been heralded as the next evolution of IT. The ability to connect up machines and utilise the data they generate to improve business efficiency and create new services means that the possibilities of IoT are almost limitless. IoT incorporates a vast ecosystem each fulfilling its own role. It covers everything from wearables in a domestic environment through to manufacturing plants in industrial environments. The technology has thousands of uses, delivers thousands of applications, and crosses the divide between consumers and businesses.

While this pervasiveness brings with it opportunities, it comes at the cost of increased risk. While some of those risks may be relatively minor, such as the access and use of personal data or knowing where we are based on our smart watch or mobile phone GPS, there are obviously greater dangers out there. It's about understanding the scale of the risk of using the IoT, working out where the vulnerabilities are and assessing whether the benefit outweighs the risk. You need to decide whether giving a third party access to your location is the price paid for having live maps and directions on your phone.

When we think about threats that IoT could bring to the consumer we tend to think about personal data being accessed and used for commercial purposes. Yet IoT connects commercial environments as well and these all have natural predators. Take the power industry, for example. The gas and electric providers understand the benefits of connecting complex systems. Now they're able to monitor and control systems in real time, in order to drive efficiency or deliver on green commitments. While security systems are extremely robust there's nothing to stop a foreign terrorist group or even renegade dictatorship from exploiting those connections to cause havoc, chaos and disruption. No need to drop a bomb to take the power out, these groups will simply use electronic warfare instead.

So who's responsible for our security over the IoTs? As consumers we really don't think about the thousands of technology suppliers behind this vast ecosystem. We simply embrace the functionality offered by our smart watch, online heating or home security app. In general we believe that responsibility to protect us lies with the device or eco-system manufacturer. We rely on encryption, secure logons and other security elements to keep us safe. Yet those device manufacturers (think Nike+ Fuelband) are in turn reliant on microelectronic manufacturers and app developers to write those security protections in. What if they don't?

The good news is that as the technology matures, the consumer IoT will begin to mirror the B2B IoT security model as the two become indistinguishable from one another. Standards will prevail and become mandatory. The standards will build out frameworks and identify responsibilities as they have within the commercial space. Then we'll see a consumer replication of the security technology and risk policies that already apply to most businesses.

What we know from the commercial space is that security is about managing risk and threats. Ideally that would come in the form of Unified Threat Management that enables the device user to apply a holy trinity of security tools - advanced malware protection, anti virus, content filtering and most importantly for the consumer - intrusion detection. A simple 'plug-in' device like a next-generation firewall that sits around the eco-system or indeed the individual would go some way to identifying and managing threats.

Despite the risks, it's clear that the IoT is here to stay. The founder of the internet, Tim Berners-Lee was quoted in an article a few years ago discussing how the internet has moved from connecting computers, to connecting people, to now connecting things. With over 1 billion connections already made, and Verizon predicting 5.4 billion connections by 2020, it is becoming imperative that we manage the risks appropriately whether we're a business or a consumer.



Post a comment

Comment submitted! Comments needs approval before being displayed.