The Internet of Things is fraught with security issues, and it seems like it might be getting worse. With the number of connected devices forecast to grow hand over fist in the coming years, we are going to see more and more cases where an IoT device was the source of the issue.
Why is this? Why are IoT devices so insecure, and why was security not at the forefront of everyone’s mind when creating each new Internet of Things device?
Looking closely at the issue, we see a clash of two worlds: the “old school” machine camp and the “new school” internet camp. As exciting as the opportunities for these connected products with services are, we need to keep in mind that they will require two fundamentally different worlds to work together. The first is the physical world; the second is the service world. The physical world has traditionally been dominated by what I call the “machine camp.” This is made up of manufacturers, engineering companies, and so on.
On the other side of things we have the “new school” internet camp: companies that have, over the last two decades or so, transformed several industries with Internet-based service offerings.
Traditionally, these two camps don’t work together, nor have they ever worked together. That is, until now: M2M and the Internet of Things have forced them to try to function as one. Before we get into that, let’s look at them more closely and see where the security issues might come from.
Most people who work in the machine camp work for companies that have long heritages, some with roots in the early Industrial Revolution. To maintain such long-term success and keep themselves in business, they employ careful risk management and long-term strategic thinking.
Those in the internet camp usually start on green-field projects, without the restrictions of existing products and lines that must be maintained or corporate governance rules that must be followed, and they often take much larger risks.
The two camps have extreme cultural differences, from how they are funded and managed to how they plan projects.
A key difference is how the companies start and build new products. Most traditional companies operate in a Waterfall model, while most in the internet camp have now adopted a more agile approach. Many Internet companies follow a perpetual “beta” approach, and some large internet-based services roll out multiple updates and improvements a day. Those in the machine camp, by contrast, come from a world where a single failure can have potentially deadly consequences, or at least result in image-damaging product recalls and more. They also use long quality assurance cycles and aim to have zero defects/bugs.
What this ultimately comes down to is that IoT products are produced by both sides, and they BOTH have security issues.
The traditional side will deliver a solid product that will not fail, just as it has been doing for years now, but when it comes to security on the Internet, it falls way short.
The Internet companies have done a great job creating an easy-to-use and secure product by working closely with customers and users for years on what is the best possible layout and design for a use case – but have failed to secure the hardware.
Both of the security issues result in $0 in your bank account next week!
Bring them together!
When these two mix, we see something interesting happen, and it is perfect for IoT. Grabbing people from both sides is critical; this allows the correct backgrounds to come into play to create a fully secured and easy-to-use device and service.
How to avoid security issues in IoT
When someone asks a question like “How do I keep my CC number from being stolen online?” the best answer is “Don’t use your CC online.” Yet we all take some risk when shopping online; we hope the site we bought something from does not get hacked and our personal data stolen. It’s the same deal with IoT: there is a risk, and all we can do is minimize that risk by using trusted sources on both sides of your IoT product.
Learn more about IoT Security and Use Cases.
The Internet of Things gets confusing when you attempt to “swallow” the whole pill at once. IoT is a BIG pill, and it can get larger the longer you think about it or search online for answers. The Internet of Things should not be this complicated, and in my latest book, “Untangle the IoT Mystery,” I cover the very basics of what makes up the Internet of Things, from a full-blown product to the smaller parts of the project or product, like hardware and software. I also dig into IoT security and how to avoid getting yourself in trouble. Security with IoT is relatively simple as long as you follow the easy-to-use rules I lay out. After many years in both the M2M industry and IoT, my new book provides you with a proven IoT Strategy Framework and the all-important IoT Checklist to keep you running smoothly.
This book is for anyone who really wants to understand how the Internet of Things works, from basic understanding all the way to advanced use cases. In this book, I have also given you my IoT Strategy checklist, which outlines how to start and how to ensure your project will not go in the fail column. I encourage you to use this book as a guide and reference when developing or getting involved in an Internet of Things project.