Right-sizing M2M security: The best protection is security tailored to your application
(Blog) — As the volume of M2M devices and data increases, so do the associated security risks. The question, says Olivier Beaujard (pictured), is what should enterprises using machine-to-machine communications (M2M) and OEMs developing M2M solutions be doing now to protect their applications and secure the data centre?
The obvious answer may seem to be ‘everything they can’, but in practice the goal for an M2M application should not be to provide the ‘most’ security. It should be to provide the right level of security for that specific device and application. This is because the above question is more complicated than it may seem.
The phrase ‘M2M application’ encompasses a full ecosystem that extends beyond the device itself, including the cellular network, M2M cloud management platform and back-end enterprise application, all of which have unique security considerations. Even on the M2M device itself, security is not straightforward. Most M2M devices don’t have a full operating system or enough processing power to support or run advanced security software.
Is the answer then to build every M2M device with a full operating system? No, the smartest M2M security is that which is tailored for the specific application.
To do this, one needs to understand three essential truths about security:
- Ensuring the right level of security is always necessary: No enterprise would deploy a system that afforded free reign for attackers, and no legitimate M2M vendor in the marketplace today would build one
- No system can ever be 100% secure: Security must align with the expected lifetime of the solution. It should be secure enough for the threats faced today, but upgradable to defend against future threats
- Security always means constraints: The more security a system employs, the higher the costs to build and operate it, the more usability will suffer and the more restricted it will be in the features it can support. Ultimately, too much security can be just as problematic as too little.
A secure M2M application must protect the transmission of private and confidential data. This involves data encryption and secure transmission technologies across multiple segments of the M2M application – between deployed devices, the M2M cloud management platform and the enterprise application. Moreover, securing M2M apps requires robust authentication and fault tolerance mechanisms that provide effective protection against malware and ensure resilience of the M2M ecosystem.
Finally, to maintain security in a constantly evolving environment, enterprises and OEMs must be able to update M2M devices and applications quickly and remotely, across thousands or millions of deployed devices.
Today the risk is relatively low, as M2M has not reached the kind of critical mass that attracts significant attention from hackers. That being said, M2M is very quickly growing, and given the widening scope of information being collected through M2M systems, ensuring it is properly secured is a key consideration in any implementation project. Any enterprise or OEM can achieve the ‘right’ level of security for its M2M application, both today and for the future. The key is to work with vendors that understand not just security, but have deep expertise and extensive field experience in M2M itself.
The blog’s author is Olivier Beaujard, vice-president of Market Development at Sierra Wireless.