By: Albert Gibosse | Blue Label Weekly Magazine | Website
Leaders Must Take The Lead in Security and Privacy
With the Internet of Things (IoT) is still in its infancy stage, well over 80 percent of consumers still don’t know what IoT means. Fortunately, the relative novelty of the IoT — along with the innumerable lessons we’ve learned from continual tech innovation over the last half-century — presents an unprecedented opportunity to proactively address security issues as the technology catapults forward.
As industry experts, we know that it’s better to self-regulate and implement strong protocols and procedures than to abandon leadership — which always wind up at the mercy of governmental regulatory proposals.
Let’s lead in the security arena, especially with the number of IoT devices right now exceeding the world’s population, and that is expected to rise to over 21 billion IoT devices around the globe in just a couple of years.
Current regulatory proposals lack substance, momentum
Political leaders must recognize the importance of balancing privacy and security with broader business demands. Legislators must focus on tackling IoT security to ensure confidence in the system.
The dangers of IoT security failures
In the meantime, just one highly publicized major security breach can devastate the fledgling IoT industry. For example, in the home:
- Some solar panels remain vulnerable to hackers who might maliciously control power access or — worse — spy on residents and children.
- Certain toys are riddled with security holes that can expose images of those playing with them to third parties.
- Fitness trackers, heart-rate monitors and security systems all transmit sensitive personal data users don’t want falling into wrong hands.
- Actuators embedded within several products can be hacked to rewire triggers to malevolent ends. Connected kitchen appliances can be maliciously programmed to overheat and catch fire while connected vehicles can theoretically be shut off in the middle of a highway.
In the corporate world, poorly secured IoT devices connected to a company’s data storage infrastructure can lead to customer and corporate data exposure, leading to significant reputation and brand damage as well as crippling legal and liability issues.
Guidelines to secure IoT devices and apps
As leaders in the IoT industry, we must lead when it comes to securing and safeguarding connected systems. If we don’t, any major mishap will encourage government to step in and impose rules that likely won’t have as nuanced a view of the needs and challenges of the IoT ecosystem.
To stay ahead, it’s primordial that we integrate security into every level of the hardware, cloud software and firmware stacks, and every system and device needs to be designed with a minimal attack surface area. These six principles will help to achieve that goal:
- Embrace microcontroller-based designs over full operating systems.
- Close unnecessary open ports toward closing potential points of attack. Avoid opening ports on microcontrollers, and actively close or secure every open port and available protocol on more powerful systems.
- Encrypt all communications between the device and the cloud to ensure confidentiality, integrity and authenticity.
- Actively monitor dependencies for known vulnerabilities, both in device firmware and cloud services. GitHub and other service providers assist with this process.
- Secure the cloud with network segmentation and immutable infrastructure that can quickly and easily replace suspect servers.
- People are often the weakest link, so enable or require multi-factor authentication to use device management software for IoT fleets.
Setting an example for legislators and regulators
Being on the front lines of the IoT industry means that we are pioneers in that brand-new industry. That’s a huge responsibility. As we continue to innovate and create the connected systems of the future, leadership in the realm of security will play a large part in smoothing the path ahead. Political leaders will notice that we take privacy, safety and data protection seriously.
IoT will not only do amazing things but will also unleash substantial value across the global economy. Investing in keeping the IoT safe will help build public confidence in our growing industry — and ensure regulators maintain trust in our intentions and capabilities.
YOU MAY ALSO LIKE: