Securing the IoT: 4 rules for product developers

Callum Barnes, product owner, Xively by LogMeIn

Believe it or not, we are living in the IoT era. What felt so futuristic only a few short years ago is here now — and it is here to stay.

Analyst firms are predicting that 4.9 billion connected things will be in use by the end of this year and that number is expected to skyrocket to 25 billion by 2020. These numbers are very attractive to both entrepreneurs and big businesses looking to make their mark in IoT. Today, nearly every company is working out an IoT strategy and it is very likely that connectivity will be a component of all new products in one way or another, says Callum Barnes, product owner, Xively by LogMeIn.

The excitement around IoT is bringing amazing innovations to market – but there is some concern that the rush to be first may result in less than ideal application development. The US Department of Homeland Security is so worried about the security of IoT products that it recently set up its Silicon Valley Office’s (SVO) first remit, which is to look for solutions to IoT security. While they are working on that, there are some steps you can take right now while developing a connected product. When looking at a potential IoT project, ask yourself if it meets these rules for development:Group Of Business People Working And Global Networking Themed Images Above

Rule #1: Weigh the pros & cons

Before embarking on any project, designers should weigh the pros and cons of creating a connected product or features. What security holes does it open up? A good way to do this is to apply the STRIDE threat-modelling framework, originally developed by Microsoft. It provides a way to rigorously asses the security implications of specific smart features. While it may decrease the speed of development at the start, it will save a lot of heartache and brand tarnishing if something goes wrong.

Rule #2: Put safety first

It is not enough to have great security, IoT devices and systems must be designed with compromise in mind. For devices that have critical applications including automobiles and medical devices, safety should always be the primary development concern. However, this is a good rule of thumb for all device development. Devices should ensure that critical functions of the device could not be affected or compromised by ‘smart’ features.

Rule #3: Don’t believe in security through obscurity

Products must be designed with the assumption that they will be purchased, dissected and studied. One of the most common mistakes at the development phase is the assumption that hackers will not be interested enough in the product to find and exploit security flaws. Security shortcuts such as improperly embedded private keys or weak authentication might save time and speed up deployment, but being first to market won’t mean a heck of a lot if your company is splashed all over the newspapers for a security breach.

Rule #4: Authenticate, authenticate, authenticate

As much as we may hate the hassle of changing passwords, setting a user password once is not enough to secure a device. Device level security is required to ensure your product is truly secure. The IoT is bringing about new ways to secure physical devices originally only used for military or government assets. Hardware security chips (such as TPM) allow devices to securely authenticate themselves by using Public Key Infrastructure (PKI), the same technology used to secure online banking and other important transactions (HTTPS). This ensures your users data is safe and secure and can help companies prevent clones or fraudulent devices.Security concept: pixelated Locks icon on digital background, 3d render

As we embark in this new era of IoT, many companies are learning that building, running and supporting a connected product is not as easy as it may seem. As with most things, speed does not equal quality. Tackling security and privacy risks is a multifaceted challenge and any business looking to design and deploy applications must wrap a robust security policy around every decision. For those new to IoT, platform-as-a-service companies can help businesses address security and data integrity issues. Even for the most experienced product companies, finding the right IoT partner can help you avoid serious pitfalls and ensure you are delivering a quality product to the market.

The author of the blog is Callum Barnes, product owner, Xively by LogMeIn.

Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow

RECENT ARTICLES
Background design with neon fingerprint

WISeKey launches SeyID Digital Identity platform in Seychelles

Posted on: April 23, 2024

WISeKey has announced it has the project to deliver a new Digital Identity platform, “SeyID”, by the government of Seychelles. SeyID will be linked with different national initiatives covering eGovernment, eTourism and eHealth.

Read more
white house green cloth assortment

Smart home technology saves money and helps protect the planet

Posted on: April 22, 2024

In the global battle against climate change and to be more sustainable, the quest for energy efficiency has taken centre-stage. The focus on sustainability is an increasing emphasis on humanity’s finite resources and the effect of our energy-consumption habits on the world around us. This heightened awareness is leading to a radical rethinking of how

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more