Securing the Internet of Things: This decade’s IT challenge


The Internet of Things (IoT) trend is such a hot topic today… and for good reasons. There is no doubt that a world with a fully functional collection of IoT systems will bring tremendous benefits to our work and personal lives.

Let’s look at just three examples. Sensors in roads and in cars will tell drivers of dangerous road conditions, keep the car in the center of the road, and warn drivers of slow or stopped vehicles ahead. In healthcare, patients will wear medical devices that remotely communicate data to their physicians. In the hospital, nurses and surgeons will wear smart watches and glasses that give them the latest information from patient monitoring devices and lab results. In cities, street lights will inform maintenance crews which bulbs are out, trash cans will also tell crews when they’re full, and citizens will know exactly when the next bus will arrive at their corner stop.

While billions of connected “things” will improve the quality of people’s lives, change business processes and models, and reinvent entire industries, these same things provide new potential entrance points for criminal access to personal and corporate networks and data.

The potential for costly IoT security breaches is significant.

  • A recent HP Research study reported that 70 percent of IoT devices have at least one security flaw and that, astoundingly, each device averages 25 security flaws.
  • The reality is that, in today’s environment, an amateur hacker can conduct basic attacks from anywhere in the world by downloading existing tools. Even worse, sophisticated criminals, organized crime and nation states have entered the hacking game.
  • IDC has predicted that “within two years, 90 percent of all IT networks will have an IoT-based security breach.”
  • Data breaches are getting more expensive. Ponemon Institute recently released its annual Cost of Data Breach Study: Global Analysis, sponsored by IBM. According to the benchmark study of 350 companies spanning 11 countries, the average consolidated total cost of a data breach is $3.8 million, a 23 percent increase since 2013.

So this is perhaps the biggest IT challenge of the next decade. Academics agree; according to a recent IBM Center for Applied Insights study, IoT security is one of their top priorities as they educate the next generation of security leaders.

If the IoT is to realize its full potential, security professionals must secure both IoT systems and the data collected from them. Security must be designed into devices, networks, and all system levels. While traditional network firewalls and security applications can manage the high-level traffic flowing through the Internet, the real challenge is how to embed security capabilities into endpoint devices. This is especially challenging when those devices typically have limited power and resources available to accomplish effective threat management.

The truth is security professionals and IoT device/system vendors have much work to do. However, the good news is that security professionals have been in the business of securing IT systems for many years, and I feel confident that they can apply all they have learned to IoT security, despite the unique constraints of the embedded devices.

Here is some basic guidance for those developing IoT strategies and systems:

  • Design security into IoT devices and systems from the ground up. Don’t think of security as something you add on after installing a device or implementing a system. Build security into operating systems, and take advantage of hardware-level security capabilities. Incorporate threat management capabilities as close to the endpoint as possible.
  • Plan on collecting and retaining the minimal amount of data needed. Encrypt all potentially sensitive data before sending over any network.
  • Partner with vendors that have appropriate emphasis on all elements of security, including threat intelligence analytics, identity and access management controls, and monitoring and patching products after release.
  • Conduct a complete security audit of the IoT system as it’s designed. Include privacy, risk and fraud assessments.
  • Test the security before launch, inviting security professionals to attempt to hack into the system.
  • Train staff on all risk elements associated with the IoT infrastructure and the data collected – from devices, to applications, to networks.
  • After launch, conduct another complete security audit of the entire system and continue to perform audits on a regular basis.

For security professionals, there are already a number of resources for raising industry awareness and increasing personal knowledge of IoT design best practices. I’ve selected a few here for you:

While the future looks bright for the benefits the IoT will have on all our lives, we must all focus on designing security into these new systems from the ground up. It is a very important issue, and I believe we are ready for the challenge.

Bill Chamberlin is an Emerging Tech Trends Analyst with IBM Market Research. This article originally appeared on the web site of the IBM Center for Applied Insights.
