Security is still a series of open-ended questions
The security of connected devices themselves is important, of course, but perhaps even more crucial is the security of the network and the platform to which those devices are connected.
Most CIOs will deal with the first phase of the Internet of Things by investing in and deploying a platform. Any number of them exist, but the one getting the most buzz right now seems to be Google’s Brillo product, along with the AllJoyn platform from Qualcomm and the platform created by the Industrial Internet Consortium.
The idea behind a platform, among other things, is to quickly create the sort of massive device network you need to do interesting IoT related tasks by automatically letting joined devices see the network and talk to the network as well as, in some cases, each other. A bunch of chatty devices is one problem, but what happens when there’s a breach or a vulnerability? How quickly might an unmitigated exploit travel across the device network? What sorts of risks are there to the sensor data, activity data and transmission of that data should an error occur? What sorts of protections are built into the sharing and connectivity protocol such that transmissions are secure, encrypted and not vulnerable to man in the middle and other attacks? How will you integrate security on the IoT platform with existing security products, policies, and procedures that you have in place in your organization today?
“Current IoT security is where the internet was in 1984 – no baked-in security, encryption or authentication,” says Raj Goel, CTO of Brainlink International, a consultancy in New York. “Adding IoT to a developers' resume does not magically make them competent, secure developers. Large developers haven't been able to build and sell secure home routers (which have far more CPU, RAM and capabilities than IoT devices), so I have far less faith in the competency of IoT lightbulbs, plant feeders, TVs or fridges.”
Goel’s point about faith in the system is well-taken. There aren’t many people in the IT industry that’ve attempted to manage networks with the sheer number of devices connected to them that an IoT-style network portends. To that end, there also aren’t many IT pros that’ve constructed network solutions of this scale with security in the forefront of their architecture and design.
Inexperience with creating a large platform with security in mind and inexperience deploying a mass network of devices in a secure way could create a recipe for major breaches and security issues. The IoT is very much a greenfield area in IT. It not only presents a ton of organic application opportunity, it also offers a chance to design and architect solutions with security integrated right from the start, rather than as a bolt-on sort of feature that checks off a box in future iterations.
Sign up for Computerworld eNewsletters.