Safeguard Your Privacy and Security In The Internet Of Things World
Developers Come Together to Create the Internet of Things Security Foundation
Security and privacy are huge new concerns in the age of the Internet of Things. With objects talking to each other, transmitting information about where they are and what’s happening to them, the opportunity for criminals to intercept and steal data is expanding exponentially.
Massive data breaches are already a threat as hackers seek to steal private information stored in corporate and government customer databases. Add to that the risks inherent in using a smartphone for transactions such as banking and tap-to-pay applications, and the stakes rise even higher.
It’s no wonder then that the average person is worried about their ability to maintain their privacy in this environment. A survey conducted in 2015 by the Pew Research Center showed that for 93 percent of Americans it is very important that they control who can get information about them.
And yet, confidence in those collecting the information is low. Government agencies and telephone companies received only a 31 percent vote of confidence that they would keep private records secure. Credit card companies are viewed somewhat more highly, with 38 percent expressing confidence in the security of their data.
The pressure is on for companies to ensure they have the best possible protection for their data, and that entrusted to them by clients.
With the rapid evolution of the Internet of Things, “the attack surface for adversaries is target-rich,” according to a report from the IoT Security Foundation.
In other words, every time a new application is born there is potential for exploitation by the unscrupulous. Data security needs to be as important as the application that uses that data.
A little more unsettling is the notion that existing technology vendors may have forgotten some of the security lessons learned during the early years of networking and cloud computing. And new vendors pushing into the market have not learned them yet.
That’s why a group of developers has come together to create the Internet of Things Security Foundation. It’s a non-profit, vendor-neutral and collaborative effort “designed to propagate good security practice, increase adopter knowledge and raise user confidence.”
“When adopting IoT it is crucial for businesses to factor in security aspects from the start of the initiative,” says Foundation member Elevenpaths in its paper Insecurity in the Internet of Things. “Creation and employment of procurement standards for IoT devices is essential, particularly in this nascent stage of the lifecycle, applying lessons in network, application and cloud security.”
The good news is that because of the Internet of Things’ immaturity—it’s not likely to reach widespread implementation for five to 10 years—there is time to ensure that security by design is reinforced as a key principle in IoT technologies.
The lesson is that IoT security needs to be a boardroom concern for companies embarking on IoT-enabled enterprise.
As the foundation points out, “with more than just reputations at stake, it is imperative that technology providers, system adopters and users work together to ensure security is fit-for-purpose. It is fundamental to the adoption of systems and reaping the social and business benefits.”
It’s clear that an extremely cautious, eyes-open approach is needed to ensure the success of any IoT venture. Your company’s reputation, and entire business model could be at stake and open for the taking if your security measures aren’t ready for a potential attack.
Greg Braun is senior vice president at C3 Solutions Inc., a supply-chain execution company specializing in yard management and dock scheduling.