The Internet of Things (IoT) is among the hottest topics in e-commerce today. Yet in order for this space to grow further, security challenges need to be addressed.
At the recently concluded Consumer Electronics Show in Las Vegas, Federal Trade Commission Chairwoman Edith Ramirez said IoT, “has the potential to provide enormous benefits for consumers, but it also has significant privacy and security implications. The IoT could improve global health, modernize city infrastructures, and spur global economic growth. To be sure, these potential benefits are immense, but so too are the potential risks. Connected devices that provide increased convenience and improve health services are also collecting, transmitting, storing, and often sharing vast amounts of consumer data, some of it highly personal, thereby creating a number of privacy risks.”
In 2014, HP released a study that found 70 percent of devices connected to the Internet are vulnerable to some form of hacking. The study examined 10 of the most popular Internet-connected devices, including thermostats, smart TVs and webcams, and found 25 vulnerabilities for each of the devices, such as insecure web interfaces, insufficient software protection and lack of encryption.
Additionally, IDC came out with “Worldwide IoT Predictions for 2015” this past December. It predicted 90 percent of all IT networks will have an IoT-based security breach within two years, although many will be considered “inconveniences.” Chief Information Security Officers (CISOs) will be forced to adopt new IoT policies, the report asserted.
For IoT to reach its true potential, the following challenges must be tackled:
- Device Proliferation – This is arguably the No. 1 reason for security challenges in the IoT world. Until a few years back, Internet-connected devices were limited to the PC, smartphone and tablet. With IoT, thousands of different devices are connected to the Internet. And, it won’t be commercially viable to fully secure the low-end, single-use devices with lower grade programming. Such devices and systems will be the most vulnerable to hacks.
- Multiplicity of Platforms and Lack of Standardization – Without standardization or governance in place, different IoT platforms will have different approaches to coding and connectivity protocols. Many IoT systems won’t even encrypt the data it transmits, and it’s safe to say many “loose” approaches could easily compromise IoT security.
- Increasing Use Cases – The increasing level of use cases is directly tied to device proliferation. With the market opening up, we could see an explosion in applications and usage scenarios, in addition to the actual devices. An increase in use cases could expose IoT systems to even more security challenges involving data collection, including data that users considered private. The increase in use cases is especially challenging in the B2B space, as individual departments tend to deploy IoT systems in siloes, or without the sign-off from the IT department.
- More Opportunities for Hackers – In many ways, IoT offers hackers a much wider playing field. For example, consider what would happen if a criminal could hack into a smart home system? Now think about all the potential threats in the B2B world. The repercussions could be even more serious.
While IoT challenges certainly exist, they are not insurmountable. Stakeholders, vendors and users need to consider and execute the following:
- Stakeholders Need to Develop Standardizations – While it won’t be easy, the IoT industry needs to collaborate to develop some level of governance standards for IoT platforms and protocols. Regulatory bodies, such as Federal Trade Commission, have already started pushing for stricter controls.
- Vendors Must Make Security a Priority – From the initial design stage to the operational environment of IoT products and systems, vendors must take security issues and threats into high consideration. Low-priced IoT devices will require innovative approaches so that the price points remain affordable. The Industrial Internet Consortium (IIC) and AllSeen Alliance are among the organizations driving IoT security standards for vendors.
- Vendors Need to Consider Data Minimization – In order to provide security and data privacy, IoT does make the case for Mission-Impossible-style “self-destructing data.” It is possible to design IoT systems so that customer/user data is collected and used – but not stored indefinitely.
- B2B Users Need Strict IoT Usage Policies – For B2B users, it becomes imperative to have an organizational level policy on IoT devices and their usage. This may be a challenge for many companies since individuals departments have started making independent decisions on IT.
The need for increased IoT security measures is widely recognized; however, the path to achieve tighter controls and standardization is far from smooth. The vendor community must collaborate on standardization in order for IoT to help the marketplace.