Securing the Internet of Things world

Like all hardware, applications and services in the communications and IT world, the Internet of Things (IoT) must be secure. Think about all those billions of devices connected in 10 years. Now think about all the rich, personal data collected on those devices, flying over networks, stored on virtualized servers, and accessed by various end-users of the data. We need to consider the security implications of IoT devices and the systems surrounding them. I postulate that the risks are greatest where sensor data combined with customer information are stored in large volumes on enterprise servers (see Figure 1).


Suffice it to say there are security risks all along the IoT value chain from the device-side to the back-end applications and then to the presentment of the data to end-users. And it’s important for security experts to have involvement in the careful IoT planning, deployment and operational processes (if you are interested in learning more about how to implement security aspects for different IoT projects, please read the expert’s post in this blog).

But I believe the real risks exist where large volumes of data – sensor data coupled with personal information or asset information – are aggregated and analyzed on cloud-based or on-premises servers. These collection and storage points are treasure troves for would-be hackers. That being said, those implementing IoT projects for enterprises can readily conduct security audits and attempt to mitigate these security risks – the same types of security risks that exist in almost all IT and application deployments.

While there are security risks associated with the OS and applications on the IoT devices and on the end-user side, those risks generally involve a single device or end-user profile. The risks to the individual device or individual are generally more limited in these cases as potential data compromised would likely be limited in size and scope.

There are also security risks associated with core networks – carrier networks – and ancillary OSS/BSS systems associated with the provisioning and management of IoT and M2M solutions. No doubt there are security risks associated with the transfer of data along these networks and network elements; however, carriers in general build extremely high levels of security into their networks and ancillary systems. Even in cases where the ancillary systems are hosted off-premises by a third-party service provider, there are high levels of carrier-grade security built into the architectures.

Also interesting to consider are the security requirements for various IoT applications and different requirements by geography. For example, the security requirements for connected car data might be quite different than security requirements for public safety or government sector solutions. In addition, security requirements dictated by regulatory and legal codes in various geographies could differ significantly. These differing requirements certainly add complexities to multi-national IoT implementations.

Share your thoughts about IoT security. Where do you believe the greatest risks exist? What do you think are appropriate steps for enterprises to take in mitigating those risks?

Thanks and stay tuned for next month’s posting of my series here on Bosch’s IoT blog.

 

About the author

Steve Hilton

Steve Hilton is a co-founder and President at MachNation, the leading insight services firm researching Internet of Things (IoT) middleware and platforms. His primary areas of expertise include competitive positioning, marketing media development, cloud services, small and medium businesses and sales channels. Steve serves on Cisco’s IoT World Forum Steering Committee where he is co-chairperson of the Service Provider working group. Steve has 23 years’ experience in technology and communications marketing. Prior to founding MachNation, he built and ran the IoT/M2M and Enterprise practice areas at Analysys Mason. He has also held senior positions at Yankee Group, Lucent Technologies, TDS (Telephone and Data Systems) and Cambridge Strategic Management Group. Steve is a frequent speaker at industry and client events, and publishes articles and blogs in several respected trade journals. He holds a degree in economics from the University of Chicago and a Master’s degree in marketing from Northwestern University’s Kellogg School of Management. Steve is a guest author for the Bosch ConnectedWorld Blog.