Gemalto’s Manfred Kube lays out some top tips for keeping your data secure in the IoT
Widely regarded as the hottest topic in high-tech, the Internet of Things (IoT) is attracting the attention of countless enterprises and organisations across an equally diverse array of industries. All are looking to exploit the potential of a world in which machines as well as people enjoy 24/7 connectivity.
However, a significant number of these stakeholders are failing to recognise and address the serious security issues that can accompany IoT applications.
Unfortunately, the very fact that IoT applications are connected to a global network makes them vulnerable to cyber-attack. Although open to a variety of definitions, the majority of IoT devices share common elements and characteristics: a series of remote sensors that share data wirelessly, and a central cloud-based storage facility that not only stores data for a fleet of edge devices but also acts as part of the distributed application itself, with some processing on the edge device and some in the cloud.
To compound these problems, there is no shortage of potential threats. Indeed, in terms of grabbing headlines in the electronics sector, hacking is one of the few stories that can rival the IoT for media coverage. In developing an effective response, risk assessment is the obvious first step. It must be recognised that successfully hacking an apparently minor element of the infrastructure can potentially open the door to the entire network and its central data storage facility.
While security strategies should be tailored to the unique characteristics of each application, the fundamentals of an effective approach are common to all:
- Authentication/identification – each device needs to be able to identify itself and prove its entitlement to access the system
- Confidentiality – data transmitted must be encrypted effectively, ensuring it is of no value to anyone stealing it (or “listening in”)
- Integrity – ensuring that what is sent is what is meant to be sent (and cannot be changed)
- Non-repudiation – incontrovertible proof of the validity and origin of all data transmitted
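
One possible mapping of these four properties onto concrete mechanisms, as an added example (not from the article or from Gemalto). It assumes Ed25519 device keys registered with the cloud in advance and a pre-provisioned AES-256-GCM key; `Message`, `NewAEAD`, `Seal`, `Open` and the device ID `sensor-01` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

type Message struct { // what a device sends; all names here are hypothetical
	DeviceID               string
	Nonce, Ciphertext, Sig []byte
}

func NewAEAD(key []byte) (cipher.AEAD, error) { // AES-GCM; a 32-byte key selects AES-256
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func signedBytes(m Message) []byte { return append(append([]byte(m.DeviceID), m.Nonce...), m.Ciphertext...) }
func Seal(id string, priv ed25519.PrivateKey, aead cipher.AEAD, reading []byte) (Message, error) { // device side
	m := Message{DeviceID: id, Nonce: make([]byte, aead.NonceSize())}
	if _, err := rand.Read(m.Nonce); err != nil {
		return m, err
	}
	m.Ciphertext = aead.Seal(nil, m.Nonce, reading, []byte(id)) // confidentiality + integrity; ID bound as associated data
	m.Sig = ed25519.Sign(priv, signedBytes(m))                  // authentication + non-repudiation
	return m, nil
}

func Open(m Message, registry map[string]ed25519.PublicKey, aead cipher.AEAD) ([]byte, error) { // cloud side
	pub, known := registry[m.DeviceID] // identification: only registered devices are accepted
	if !known || len(m.Nonce) != aead.NonceSize() || !ed25519.Verify(pub, signedBytes(m), m.Sig) {
		return nil, errors.New("rejected: unknown device, malformed or tampered message")
	}
	return aead.Open(nil, m.Nonce, m.Ciphertext, []byte(m.DeviceID))
}

func main() { // constructed demo values: all-zero key, throwaway key pair
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	aead, _ := NewAEAD(make([]byte, 32))
	m, _ := Seal("sensor-01", priv, aead, []byte("temp=21.5"))
	pt, err := Open(m, map[string]ed25519.PublicKey{"sensor-01": pub}, aead)
	fmt.Println(string(pt), err)
}
```

The non-repudiation property holds only while the signing key stays private to the one device; a shared symmetric key alone could not provide it.
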
Willingness to share sensitive data (for example, in the form of mobile banking) is one of the sticking points when it comes to the threats within the digital domain. To commit to these new channels of communication, trust needs to be established and maintained. And exactly the same rules apply for the IoT. The new ecosystems that are being visualised and created will only thrive if end users, enterprises and other organisations have complete faith in their ability to protect sensitive data over the long term.
In terms of the opportunities to deliver new services, standards and revenue streams, the IoT genuinely merits the hype and headlines currently being generated. Working on the basis that whatever can be hacked, will be hacked, solutions that provide effective protection for stakeholders must be built into the DNA of every application, not bolted on as an afterthought.
But the most fundamental lesson lies beyond simply identifying and applying the correct hardware, software and processes. For IoT deployments to truly fulfill their potential, those behind them need to appreciate that success ultimately rests in creating ecosystems that are as dynamic as they are trusted – and as open and accessible to new providers and end users as they are resistant to the myriad of threats that now occupy cyberspace.
Manfred Kube is head of M2M segment marketing at Gemalto