The IoT: New Opportunities Bring New Security Challenges

Note: This article first appeared in Security Sales & Integration.


Connected devices are skyrocketing in popularity in all applications. But will the technology used to protect that data be able to keep up?

The numbers don’t lie — the Internet of Things (IoT) is every bit as big of a deal as it’s made out to be. IDC predicts that the IoT market will hit $14.4 trillion in annual sales by 2020 when combined with big data. And according to Cisco, there will be 50 billion connected devices by that time. Major industries, from healthcare to consumer to automotive, stand to benefit from these devices and the services derived from them.

While adoption of the smart home and its connected devices is still in its early stages today, Accenture reports that nearly 70% of consumers plan to buy a smart home device by 2019, bringing the smart home market alone to $490 billion in revenue. The healthcare industry will experience the fastest growth in IoT adoption within the next five years, topping $2.5 trillion in IoT-generated healthcare revenue by 2025. A recent survey by McKinsey & Company even found that more than 25% of car buyers believe Internet connectivity is more important than engine power or fuel efficiency.

As technology advances, our society is increasingly connected, even in our personal matters. But how secure will our connected homes be? How about our medical monitoring devices? Because if it’s connected, it’s hackable. If you’re lucky, the culprit will just be a kid hacking into your smart home device to turn your kitchen lights on at 3 a.m. You’ve been punked, but there’s no real harm.

But the truth remains — connectedness invites potential danger for breaches. A recent study from Fortify found that 70% of the most commonly used IoT devices had vulnerabilities. The most commonly used devices and their cloud components had an average of 25 vulnerabilities per device. And 80% of devices tested leaked private information including user names, addresses, date of birth and credit card or health information. If our lives are going to be more connected, we’ll need better security protocols and practices to protect sensitive information from being hacked.

Legally Speaking

The truth is you can’t test for every possible case because it’s impossible to identify them all. So what happens when one of those unimagined and untested cases causes an injury, property loss or the exposure of sensitive consumer data? What’s the manufacturer’s liability for the pain and suffering involved when a kid hacks your system and punks you by turning on your lights at 3 a.m., repeatedly, for several weeks? The answer is, we don’t really know. IoT opens the door to a whole new set of legal precedents around product liability, data breaches and data sharing.

Safeguarding Data Privacy

All kinds of personally identifiable information (PII) will be embedded in the flood of data gathered by IoT devices, whether it’s directly present in any given data transmission or obfuscated to some degree. In order for the IoT to “deliver,” this PII (or more likely the indirect pointers to it) must be present or else IoT devices and services will be unable to provide the highly personalized experiences consumers and businesses expect.

Protecting this customer data is critical. Strong encryption can make most data breaches moot, if it’s employed, that is. In the case of health insurer Anthem, the company wasn’t required to use protection. As a result, its high-profile breach exposed the personal information of 80 million customers. Pervasive encryption standards will go a long way toward securing customer data.

Sharing Personal Data

Additionally, demand will continue to grow for democratized sharing of IoT data in order to deliver “cross-platform” value. For example, the ability of your Volvo’s embedded IoT sensors to seamlessly find and pay for parking during a weekend trip requires data sharing between the car company and the city’s parking infrastructure.

Different countries, however, handle data sharing in different ways. Currently, Europe and Canada use an “opt-in” approach — companies must get permission from customers to share data. In the United States, companies are free to share data unless customers explicitly “opt-out.” Incentive programs are a popular compromise, like the one from Nest that gives customers discounts in exchange for sharing their data with third parties.

So, when I consider the manifold increase in data volume, the high sensitivity of the data within, and the market necessity to allow disparate entities to share data from disparate sources, I wonder whether the level of security currently afforded by today’s protocols and practices really cuts it.

Standards

Security standards don’t happen overnight. In fact, the World Wide Web only began to fulfill its true promise when standards for TCP/IP (and its all-important child HTTP), HTML, JavaScript, CSS and SSL were established and widely adopted. Similarly, the IoT will initially be able to “ride” on pre-existing standards and protocols (in fact, it already is doing so), but as data volume and data security needs morph and increase, it is safe to assume that existing standards will not scale. The IoT is demanding new standards of its own for communication and data formatting and rapid development/deployment.

Luckily bright people are busy at work trying to tackle the problem, although no one yet can say which standards will do the job most effectively and will “win” — be it those created by large corporate alliances like the Industrial Internet Consortium or those by community/open-source style entities like the AllJoyn Alliance (or combinations of both). All we can say for certain now is that what we currently have is unlikely to scale and extend in the ways the IoT will demand.

The good news is we’re getting closer to the end zone — bolstering IoT security. Myriad point solutions and joint efforts like the Cloud Security Alliance are just some of the ways industry is working to lock down the zillions of moving parts of IoT.

There are certainly data challenges on the road to IoT. Before we can harness that data fully, we’ll need to overcome some real challenges. There is good news on several fronts, including the fact that great minds and lots of R&D dollars are busy trying to address these roadblocks.

About the Author

Brendan O'Brien

Brendan O’Brien has been in the subscription services business for over 20 years, and is recognized as a pioneer and thought-leader. It’s fair to say that he introduced the world to cloud billing, and innovated database-driven, enterprise-grade web applications for companies ranging from Medical Manager, to Wright Express, and LaserLink. All this before the concept of “cloud” was even on the horizon. Brendan is trained as a professional stage actor and classical tenor.
