(SECURITY BLOG) — If you mention connectivity, the majority of people think of smartphones, PCs, web TVs, web cams, and the internet. However, these popular devices will only make up a small proportion of the M2M hyper-connected world of the near future. And, as Peter Holmelin of Netop says, with the predicted numbers of these devices set to balloon over the next few years, there are some serious security ramifications for businesses.
Big Data collection starts here
Across the world there are thousands of smart devices, all with sensors, all connected and all sending information somewhere. If you haven’t heard it before, the term ‘Internet of Things’ (IoT) will soon become commonplace, and the ‘things’ it describes are those very devices.
These M2M smart devices will be the ‘front line’ for data capture, with the internet becoming a simple transport mechanism rather than the core of connectivity. The data could come from anything: a coffee machine re-ordering ingredients, a smart utility meter sending data to the accounts department, or a sensor feeding back into a temperature safety system. But what is important for the bigger picture is that we are seeing the first stage in the capture of Big Data, in which these devices will be key.
Millions of devices means millions of access points
However, while all this connectivity will speed up information gathering and responses and increase efficiency, a potential downside is the impact it will have on security. Each connected device represents a security risk through the millions of new ‘attack surfaces’ now available.
Perimeter security will no longer be enough, as you won’t easily know your perimeter any more. Whereas before, online attacks would be directed at a limited number of computer ports, in the near future there will be billions of devices connected to one another as well as to the corporate network. Each one has the potential to be hacked and used as a pivot point into the rest of the corporate network.
To make an analogy, BYOD (Bring Your Own Device) currently presents a similar but lesser threat. In BYOD’s case most of the devices are known (smartphones, tablets, PDAs and smart TVs) and there are drastically smaller numbers involved than the predicted numbers of M2M smart devices. But even with these smaller numbers, the threat BYOD could pose is significant. With that in mind, can you imagine the threat posed by billions of relatively unknown M2M connected smart devices? After all, few people have more than one smartphone, but it is predicted that eventually many organisations will have millions of smart devices.
Securing remote devices
To make a smart device smart, it will have ‘intelligence’ bestowed via an embedded module. As embedded modules employ powerful processors to perform increasingly complex tasks, it all equates to more code. The more code there is, the more opportunity a hacker has to access that code and take control. As a result, you will see a growing need for sophisticated encrypted communications links in addition to the expected protection of individual devices and central systems.
As ever, standards will be important, and the European Commission is working on the issues relating to security and privacy with the IoT. Already, its Engineering Task Force is working on a standard for secure communication between objects in the IoT. This is a crucial step towards a universally accepted security infrastructure for M2M communications.
A good starting point
However, while the regulations are being developed and the predicted proliferation of smart devices has yet to become reality, there are still a lot of unknowns to be discovered. Being pro-active by applying today’s principles is a reasonable place to start, and plans for securing your M2M smart devices should include:
• The ability to support hundreds of thousands of machines from a single console
• Security measures that enable organisations to centralise controls, integrate with existing corporate policies and adhere to compliance requirements
• Logging and reporting capabilities, so companies can perform session audits
• The ability to support unique and emerging technologies and devices.
Securing the organisation without compromising the business
To sum up, it is predicted that over the next few years M2M smart devices will grow significantly in number. These devices will form a critical component in many organisations’ future networks as companies seek to increase efficiencies and reduce costs.
While adding to an organisation’s performance, these devices will also present a threat that will need to be addressed. And as M2M data becomes an integral part of an organisation’s management information system, solution providers will need to be ready and have security solutions in place to address the issues. However, although these devices are a potential risk, there are also significant benefits to be had. The millions of bytes of information these devices will collect will form the beginnings of the building blocks of Big Data, which is said to be the next step in the future of corporate information analysis.
In time we will see the emergence of solutions that meet ISO 27001, the overall ICT security standard that covers compliance within many business aspects such as equipment, software and overall processes. But to mitigate risks, action should be taken now. Ultimately, the big question for those using M2M and preparing for the explosion in growth of smart devices will be how do you secure the organisation without compromising the business?