The IoT Security Conundrum
Security is one of the more multi-faceted problems an enterprise will face as it implements an IoT solution. IoT comprises multiple components, each of which must be carefully secured on its own.
It can typically be broken down into the basic components of device, network, platform, application, data processing and storage.
When implementing IoT, it is important that an enterprise consider authentication and encryption technologies at every layer of a program. Vulnerability in one component can compromise the system as a whole: a solution is ultimately only as strong as its weakest link. Moreover, each component may have several subcomponents, which amplifies this security challenge even more.
In addition to technologies to secure each component, there are holistic systems, such as those utilising big data and analytics for anomaly and intrusion detection, that promise to wrap security around an IoT implementation. These technologies must also be carefully evaluated and understood, with vigilant ongoing oversight. Security is a constantly moving target.
Beyond components and technology resides the multi-dimensional challenge of security itself. This includes issues such as data privacy and protection, human operations and the business case behind the IoT implementation. Data privacy and protection, which naturally have regulatory implications that vary from one market to another, represent a highly complex issue. Questions surrounding ownership of data and privacy concerns persist (including the very privacy of employees being tracked and monitored by IoT systems), while even simpler issues related to data handling can create challenges to IoT implementation.
The human aspect of IoT also plays a big role. New procedures and policies are required for employees interfacing with an IoT system, as employee error and negligence may compromise it. For example, IoT implementations require some degree of computer knowledge and passwords to secure them. Enterprises often cite the simple difficulty of instituting secure passwords and protecting them. In fact, a number of recent high-profile data breaches involved compromised passwords as the starting point for the hack. Thus, when considering the components that comprise an M2M and IoT solution, it is critical to consider the human elements around it as well, and how to ensure they do not become the weakest link in an implementation. In addition to careful planning of new procedures and policies, technology can also help overcome these challenges (e.g. biometric solutions as a substitute for passwords).
Finally, the business case must be factored into the security considerations of an IoT implementation, aligning it from a cost-benefit point of view. The investment in security should consider the value of what exactly is being protected. For example, IoT implementations involving mission-critical and high-value data, such as those related to key infrastructure operations, financial/banking, public safety and medical information, naturally warrant greater investments. On the other hand, IoT implementations handling less critical and sensitive information, such as tire pressure or engine performance readings from cargo trucks or readings from building temperature sensors, see reduced business value in comprehensive security measures.
This article is part of a longer-form article written by Godfrey Chua and Emil Berthelsen. If you want to discover the whole enterprise IoT journey you can do so here.