A practical approach to IoT security

Scott-N Dr. Scott Nelson

IoT hit the peak of the Hype cycle recently, so according to analyst firm Gartner we are on our way down into the Valley of Disillusionment. Ish. Based on an informal polling of the blogosphere, says Dr Scott Nelson of Logic PD, security is likely to be the gravity that pulls us down the slope.

Securing systems on the Internet is not easy and the enemy continues to evolve. Given recent news articles about the hacking of everything from insulin pumps to grocery stores one might say it is impossible. I should say ‘enemies’ – plural. IoT security has multiple enemies: human error, poorly designed or tested software, paparazzi, individual stalkers, hackers, governments – the list goes on.  Security is important, in many applications critical, but it is also fleeting.

I have heard more than one security consultant say that no system is impenetrable and ”if your electronic payment system hasn’t been hacked it’s only a matter of time.” Yet we conduct billions of dollars of commerce over the internet every day. The answer to IoT security is a combination of appropriate technology, contextual awareness, and good business judgment. Basically, we need a practical approach to the seemingly impossible task of IoT security.

When it comes to technology, there are good security standards in place and have been since the early days of the Internet. Web browsers, operating systems, and many applications already use secure technologies like TSL, SSL, and Secure Elements. Apple’s recent announcement of Apply Pay shows that new technology is not the issue: Secure Elements, biometric sensors, and encryption are all standard issue in mobile devices today. Many of the recent security breaches in the news have been shown to be errors either in the deployment of the security or user error in the use of the security technologies available. The first step then to IoT security is to properly deploy and use the standards and technologies that exist. Use good practices like multi-modal authentication and secondary keys to deter simple, brute force attacks.

Since information security technology is vulnerable, it creates a business risk. How should IoT companies deal with that risk? To best do this, organisations must first understand the context for security in terms of customer needs, market expectations, and threat behaviour. First let’s look at the needs that motivate an enterprise to pay for security. The needs for security at the enterprise level come from the needs of the enterprise’s customers which in turn become expectations of the brand. The needs can be grouped into three types:

  • Assurance-knowing that the data provided or processes controlled by the data are timely, truthful, and accurate.
  • Privacy-knowing that access to data and information is controlled and limited to those who are allowed to have access.
  • Liability-knowing that the value of the asset or process to which the data applies is protected.

Security is the currency of trust for these needs.  The more secure the system the more customers trust both the system and the brand. Understanding the customer motivations from these needs as well as the link between security and trust provides a foundation for business practices to deal with the technical risk data security presents.

So where does an organisation start?  Here are three steps to a practical approach to IoT security:

  1. Maintain your technical diligence – Keep your code makers current and accountable with outside audits and advice. The technology needed is available and the threats are understood, but the situation is dynamic.
  2. Prepare for the inevitable – Your systems, your suppliers systems, or your competitors’ will be compromised. Prepare your team for immediate action and your public response to address your customers’ needs. Be prepared to protect your brand by maintaining trust with your customers.
  3. Address all customer motivations for security – Your offerings should do more than comply with standards or use the latest recommended approach for your primary security need. Assurance needs can become liability and liability needs can transform to privacy.  Make sure your approach to meeting customers’ needs is comprehensive – manage the trust they put in your brand.

Internet security is going to continue to be an issue. The well prepared enterprise will understand what motivates customers to pay for security, even pay a premium, and will not only address those motivations with their solutions but also have a plan to restore trust immediately when the inevitable occurs.

As CTO and executive vice-president, Dr. Scott Nelson is responsible for leveraging Logic PD’s technology expertise and offerings across a wide range of markets with a focus on connected solutions and the Internet of Things (IoT). Scott has nearly 25 years of experience leading technology and product development. Prior to joining Logic PD in 2000, Scott worked for 3M and Honeywell. Scott Nelson is a frequent contributor to Logic PD’s Blog, Insights (www.logicpdinsights.com/) . He holds a Ph.D. in applied and engineering physics from Cornell University, a doctoral minor in business administration from the Samuel Johnson School of Management at Cornell University, and a B.A. degree in physics and mathematics from St. Olaf College. 

RECENT ARTICLES

Workz debuts unrestricted IoT device management

Posted on: May 3, 2024

Workz, a cloud-based eSIM vendor, has launched its new remote device management solution designed for the Internet of Things (IoT) industry. The platform eliminates the restrictions associated with traditional technologies

Read more

Itron improves Temetra platform for water utilities in Australia and New Zealand

Posted on: May 2, 2024

Itron expands the capabilities of its Temetra platform in Australia and New Zealand to include NB-IoT communications, enabling digital transformation for water utilities. Temetra’s comprehensive offering includes metre data processing,

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into

Read more