There’s a running joke in IoT circles that the S in IoT stands for security. The joke, of course, being there is no S or security in making devices for the Internet of Things.
This is a serious concern since we’re looking at 21.4 million smart speakers in use in 2020. The trend is only like to continue as at least 20% of searches on Google take place through voice assistants and 22% of people in the US have made a purchase using their IoT smart speaker.
Manufacturers of IoT devices have so far traded off security to get products to market faster. But today, security is a growing concern and people are extremely concerned about how businesses are managing users' personal information.
One of the most significant events that have impacted businesses and continue to impact people today is the implementation of the GDPR act. According to the GDPR act, businesses that do not gather consent before collecting personal information face fines up to 4% of a business’s global revenue or 20 million EUR, whichever is greater.
It’s a safe prediction that businesses that do not add security in IoT devices may face tremendous backlash in the future.
So how can you add security in the development of IoT device development? Thankfully, just as there are problems, there are also a number of solutions that you can implement. It’s best to make security a part of the development process rather than to incur technical debt, which makes future changes extremely difficult.
The physical aspect of the IoT means that when security issues arise the damages can be seen in the real world. Along with potential violations of privacy in individual lives, attacks on public infrastructure are possible. For example, a German steel mill and a nuclear power plant in Iran were maliciously attacked through IoT devices. These incidents and several others have raised concerns about the security created by IoT devices.
Here's a breakdown of ways to make IoT security a priority.
When building IoT devices, the foundation itself needs to reflect the latest security measures. Until now, businesses have simply pushed IoT devices to the market since adding security features would create delays. They are also an added expense. However, the problems that arise from a data breach are far more devastating.
As a tech leader, you need to create the mindset and culture at a business level to make security a key feature from the very start. It's through this attitude that other steps fall into place. It's important to make a commitment to hiring skilled security experts and investing in the right infrastructure.
A powerful way to add security to IoT devices is by adding authentication features. This can prevent malicious entities from hacking devices by ensuring that the intended user and devices are accessing data. There are two levels at which this needs to be done depending on the IoT device.
End-user authentication is done by setting strong passwords and two-factor authentication. For the public sector and B2B level devices, you need to develop a special infrastructure and use certifications.
The value of IoT devices lies in the fact that it transmits valuable data. At the same time, this creates a number of vulnerabilities. Data needs to move securely move through the issuing device, the internet, the cloud, and/or the receiving servers and machinery.
An example of IoT devices and connected networks being misused can be seen in this story where the data of a casino's guests were hacked through a thermometer in the fish tank.
To avoid a possible attack like this, manage network and cloud level security with the help of encryption technology.
Today, there are businesses developing open encryption software. Using open-source encryption technology makes sense since you can always do your own research to make sure that it works. This technology is also built and checked by data security experts from around the world, making it a strong platform to protect your data.
Finally, the previous security measures are not viable without the right hardware in place. IoT devices don’t just power individual devices. They support public sector infrastructure and large-scale machinery for businesses.
Today, businesses and individuals can protect their data online by using VPN software, but the complex one-to-one, one-to-many, and many-to-many aspects of IoT objects means complexity that VPN alone can't handle.
Also, in the case of public sector and large industry devices, the hardware is meant to last decades and regular software updates as in mobile phones are not feasible. The answer can be found in the use of chips which can be embedded in devices to create greater security.
Chips can offer higher security as developers can create specialized operating software that commercially available ones cannot hack into.
Going further into building up the security level that chips can offer, adding an identity to each chip for every device one is embedded in creates accountability and data protection. Working with an identity platform will help you secure your IoT device from chip to cloud.
We've looked over the reasons why IoT device security should be implemented as well as a few practical ways to do so.
Businesses are already walking a fine line between creating secure IoT and pushing IoT-based devices into the market quickly. As the use of IoT devices grows in the future, the matter of security cannot be ignored.
Although adding security measures creates a longer product-to-market cycle and higher expenses, the alternative - major data breaches - make these precautions well worth the effort. Tech leaders need to see a mindset change and push to build more security measures to protect both the data of their own business and that of the public.