The Internet of Things; The New Factor to Consider in IT Security
The technology industry is well known for its love of jargon or ‘buzzwords’, which often seem designed specifically to confuse rather than clarify.
Over the last couple of years the so-called ‘Internet of Things’ (IoT) has been widely talked up but as is often the case the majority of by-standers remain largely unclear about what it really means.
It certainly has the potential to make a positive impact for businesses, their customers and for the general public.
Equally, it has the potential to cause significant disruption, especially if the security implications are overlooked.
In simple terms, any device that is capable of capturing, receiving or transmitting information via the internet, independent of direct user input, is effectively part of the Internet of Things.
In a domestic setting, that includes heating or lighting systems that can be operated remotely via the associated app on a mobile device.
One of the best examples in a commercial environment are the lifts, or elevators for those across the pond, with sensors to capture and communicate key datapoints that determine maintenance schedules rather than the traditional fixed service intervals.
Not only does that create efficiency, it also gives confidence that everything is operating safely. Win-win.
That is, of course, assuming that security on the devices involved has been set up correctly.
Sadly, that’s often not the case and there are numerous stories circulating about cameras installed in school classrooms with default passwords. For those who know what they’re doing that makes gaining access to live feeds a relatively straightforward exercise.
If basics such as password protocols aren’t addressed then there could be a frightening, and infinitely increasing, number of entry points through which hackers can access systems and data.
A recent study by HP suggested that smartwatches, either directly connected to the internet or connected via mobile devices, carry major security flaws.
And a YouTube video, posted in the last week, shows hackers taking control of a car on the public highway leaving the driver completely powerless. Thankfully, their aim is to raise awareness of the potential threat and encourage others to join them in ensuring that the industry take urgent action.
Scare-stories aside, more often than not the ultimate prize for the criminal hacker is data.
Data sits at the centre of most systems yet traditionally the focus has been on protecting the perimeter.
Unfortunately, a combination of the IoT and the proliferation of mobile devices makes it increasingly difficult to define, let alone protect, the perimeter.
The simple answer is shift the focus for IT security to the data.
And there are actually plenty of technologies focused on protecting data that have been around for years but are not in wide use.
Encryption effectively renders data worthless should it fall into the wrong hands.
More importantly, encryption can be applied at a number of levels including specific files or the devices themselves – everything from usb sticks and memory cards to laptops and smartphones.
So when you’re considering the future of your IT security arrangements, encryption should certainly be top of the list and well ahead of options such as sandboxing and demilitarised zones which bring us back to where we started.
Our best advice? Leave the jargon behind and keep it simple.
Technology Services Group (TSG) have created a series of Technology Talks focusing on IT security, including one about securing mobile devices and the potential impact of the IoT. View it on their blog, here.
By Steve Cox, COO at Technology Services Group (TSG)
Steve Cox began his career in IT services was with Ford Motor Company, building, installing and managing the internal communications system across their European network.
From there, he moved on to Top 5 accountancy firm Moore Stephens where he sat on their IT committee, looked after the partners and managed the transition from IBM OS2 to Windows, providing support for offices throughout the UK.