by John Dixon www.teccrunch.com | ||
The
Internet of Things (IoT) presents a significant mix of opportunity and
risk. Compared to the connected devices of the past, the gazillions of new IoT
devices that are being predicted for our homes, transportation, cities, medical
devices and elsewhere represent a unique set of security challenges for both
companies and their users.
They also offer a
host of new and attractive opportunity for attackers.
To start, IoT devices
significantly expand the attack surface. Hackers can easily purchase any IoT
device, which will often contain the same security features of other, identical
devices already deployed in hundreds or even thousands of homes. Unlike servers
or networking equipment, which are usually hacked through remote access points
and reside in protected and monitored environments, IoT devices are more
accessible to malicious threat actors.
The widespread
availability and proliferation of these devices means that once a device is
compromised, it’s very difficult for a company to flip a switch and update the
millions of devices just like it sold around the world. It also means that
hackers can use one insecure device to leapfrog their way into broader
connected networks, allowing a single device to compromise sensitive data
ranging from bank and health information to even access to broader corporate
assets as the line between work and home continues to blur.
The Internet of
Things presents a significant mix of opportunity and risk.
It’s also important
to think about the companies producing today’s top IoT devices. Often, these
companies are startups, which may not have the funds to bring to bear an army
of security experts and white hats to ensure secure deployments. Instead, they
must rely on the hardware and software provided to them through suppliers. And
commodity pricing places an enormous strain on security engineering and
maintenance. Many of the IoT devices on today’s shelves are by necessity
inexpensive to manufacture, which means companies are less likely to spend high
dollar on security throughout the development process.
Now is the time for
the technology industry to proactively address these concerns, before the
threat of widespread IoT security breaches becomes a reality. The standards
groups, enterprise organizations and the legions of startups and maker
communities working in this area must join together and get to work on
addressing the critical issue of safeguarding the IoT before it’s too late.
Getting Started
The good news is the
tech industry recognizes that something needs to be done about IoT security,
both through industry groups and at the company level. For example, the
International Standards Organization (ISO) has a working group assessing how the
ISO 27000 family of security standards might be adapted to address IoT security needs, while
the IEEE Standards Association is working on anarchitectural
framework that is
expected to address IoT security, privacy and safety issues.
What’s also encouraging
is the formation of several IoT vendor alliances, including theThread Group, the Open Interconnect Consortium, the AllSeen Alliance and theIndustrial Internet Consortium.
Although each is focused on a different IoT developer and user community, all
of the groups appear to be supporting the wider use of data encryption and
other security measures.
Daunting Challenges
Despite progress, the
task of securing the IoT still faces many daunting challenges.
McKinsey & Co.
and the Global Semiconductor Alliance (GSA) recently reported that
while some parts of the IoT landscape have well-defined standards, other
aspects either have none or multiple, competing standards.
Additionally, and
although helpful for handling the expected flood of IoT
data, software-defined networking (SDN) is creating added security
concerns because of its use of multiple communications channels and
remotely located computing resources.
Advances in
autonomous driving — such as those that will require cars to connect to each
other and to roadway infrastructure — will spur the need for more robust
safety, security and risk mitigation.
Lastly, and most
importantly, leading technology companies still haven’t fully committed
themselves to finding solutions for securing IoT applications.
Despite
progress, the task of securing the IoT still faces many daunting challenges.
If today’s titans of
technology won’t step up to secure the IoT, that vital endeavor may fall to the
multitude of startup companies that are fueling much of the industry’s current
growth. Gartner estimates that by 2017, more
than half of all IoT
products and services will be developed by companies less than three years old.
And while some of these newcomers are likely to have formidable technical
expertise, many will lack the knowhow or capability to implement the tight
security that is needed.
Securing The Future
As an industry, how
can we support this new generation of technologists and equip them with the
deep expertise and context necessary to create a truly secure IoT?
First, we should
encourage them to collaborate more closely with silicon vendors’ software, hardware
and manufacturing ecosystems. Chip vendors and their partners can be invaluable
guides for inexperienced product developers learning to navigate the complex
array of available security standards and components.
We also can do
better at education. A primary example of how this is being addressed is the
establishment of security labs, such as those launched by Microsoft, Breed
Reply and Indiegogo, where developers and partners can get hands-on access to
systems and test beds to help advance development. Participants learn that
security must be considered from the beginning of every IoT project, and should
remain a priority through design, development and manufacturing — and even
after the product or service is in operation.
In a perfect world,
security risks and breaches wouldn’t exist. But, as virtually everything in our
Internet-enabled world becomes increasingly connected, everything is becoming
accessible and, therefore, potentially vulnerable. We may never fully solve
that fundamental contradiction, but by working together, we can begin to build
the secure IoT that the world deserves.
| ||
======================================================= https://www.youtube.com/watch?v=HTgYHHKs0Zw&__scoop_post=bcaa0440-2548-11e5-c1bd-90b11c3d2b20&__scoop_topic=2455618 ============================================== Special Bulletin - My just released book, "You're Hired. Super Charge our Email Skills in 60 Minutes! (And Get That Job...) is now on sales at Amazon.comGreat Reasons for Purchasing Netiquette IQ
·
Get more
email opens. Improve 100% or more.
·
Receive
more responses, interviews, appointments, prospects and sales.
·
Be better
understood.
·
Eliminate
indecision.
·
Avoid
being spammed 100% or more.
·
Have
recipient finish reading your email content.
·
Save time
by reducing questions.
·
Increase
your level of clarity.
·
Improve
you time management with your email.
·
Have
quick access to a wealth of relevant email information.
Enjoy
most of what you need for email in a single book.
================================================**Important note** - contact our company for very powerful solutions for IP management (IPv4 and IPv6, security, firewall and APT solutions: www.tabularosa.net In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” will be published soon follow by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at: www.amazon.com/author/paulbabicki If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio Additionally, I provide content for an online newsletter via paper.li. I have also established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. Further, I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and have been a contributor to numerous blogs and publications.
Lastly, I
am the founder and president of Tabula
Rosa Systems, a company that provides “best of breed” products for network,
security and system management and services. Tabula Rosa has a new blog and Twitter site which offers great IT
product information for virtually anyone.
|
Sunday, October 4, 2015
Tabula Rosa Systems - How Will The Internet Of Things Be Securely Supported?
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment