Three steps for global IoT security

A delivery company might want to provide
real-time parcel tracking information for customers.

Three years ago, Gartner predicted that by 2020 there would be 20 billion connected ‘things’ in circulation. A lot has changed in three years. In fact, a lot has changed in the last 12 months, says Mikael SchachneCMO and VP of Mobility & IoT at BICS.

The pandemic has meant an increased reliance on digital services and infrastructure by consumers and businesses. Embedding connectivity into ‘things’, connecting these to a global Internet of Things (IoT), and managing the connected assets, are key elements of this.

IoT business use cases are wide-ranging. A utilities company might want to embed connectivity into smart meters, for instance, to track energy usage and provide more tailoured plans for customers. A delivery company might want to provide real-time tracking information for consumers about their parcels. A manufacturer of remote patient monitoring devices will want to ensure that the technology can be used by healthcare providers anywhere in the world. 

Managing security and complexity

In addition to embedding connectivity into assets, businesses must also effectively manage these assets. Arguably the most important element of this is managing IoT security. IoT devices are now responsible for almost a third of all security breaches observed in mobile networks, up from 16.17% in 2019, according to Nokia’s Threat Intelligence Report 2020.

Most IoT projects are based on complex ecosystems, involving numerous players and covering a range of use cases, across multiple access technologies and device layers. Every IoT layer is prone to different risks. This creates a broad range of threats, from data interception and impersonation, to location tracking, denial-of-service fraud and SIM swap.

Due to the scale and diversity of vertical sectors embracing the IoT, the potential impacts are severe. Imagine, for instance, a malicious actor taking control of endpoints in an industrial IoT setting a processing plant or smart grid.

Taking advantage of the opportunities that the global IoT presents must therefore involve not only embedding connectivity and managing these assets, but also investing in robust security measures.

IoT security can be strengthened in a number of ways. First, by leveraging a connectivity platform which provides asset management and security features. Second, via the use of a private IP Packet exchange (IPX). And finally, through increased collaboration and cooperation between all members of the IoT ecosystem.

  • Adopt a connectivity platform

Connectivity platforms for IoT-connected assets are an easy way for a business in any vertical sector to launch and monetise an IoT proposition. They allow businesses many of which will not have a background in telecoms to troubleshoot problems with connectivity, integrate data with back-end systems, and track connected assets.

Importantly, platforms also offer a set of readily accessible security features. These include a network firewall, abnormal behaviour detection and alerts, fraud prevention, real-time geolocation of assets, and secure integration with back-end systems either via VPN or IPX connections.

Many organisations will be unfamiliar with managing connectivity of devices and managing the security associated with them. Connectivity platforms must, therefore, offer a pro-active approach to IoT security. What would this look like in reality?

Mikael Schachne of BICS

Say you’re a logistics manager at a warehouse and you are tracking shipments of pallets to ensure they arrive at your warehouse, to then reach their end destination. A connectivity platform will not only allow you to view the location and connectivity status of all of your pallets passively, it will also actively alert you to potential issues. Traffic overloads on a network, loss of connectivity, or unusual activity patterns can all be highlighted. Alerts can then be sent via email, SMS or connected APIs.

The majority of IoT applications follow very clear patterns of use. For example, if a device that is supposed to send a report of 1MB once per week starts sending more data or more often, this can be an indication of malicious activity. Instead of waiting for you to take action, a platform can then automatically block or throttle traffic to stop cyber-attacks before they’ve had a chance to do substantial harm. And the potential for harm is huge. In 2021, cybercrime damages might reach $6 trillion (€4.94 trillion) equivalent to the GDP of the world’s third largest economy.

  • Use a private IPX

Next, the IoT can be made more secure by using an IPX. IPX is a framework of services managed by international carriers, providing interconnect and roaming interworking for mobile operators and service providers. IPX covers data, signalling, voice and messaging, includes transport/proxy and hub services, and ensures an end-to-end premium quality of service and one which is ultra-secure.

Connecting mobile operator and points-of-presence across the world, a secure and reliable IPX serves as a global backbone for IoT transport. Businesses are able to be securely connected via IPX, either from their private data centre, or from their applications running on a public cloud provider like AWS, Google or Azure. The IPX connection is fully secured and wholly separate from the public internet. A secure connection to any cloud-hosting site is critical. This is where a business stores, manages and analyses the data from its connected proposition; a treasure trove for hackers.

  • Collaborate and co-operate

It’s here that the third IoT security must-have comes in collaboration. The size and diversity of the global IoT is significant. It encompasses device manufacturers, mobile network operators (MNOs) and mobile virtual network operators (MVNOs), new entrants capitalising on the IoT, and incumbent telcos that provide the critical connectivity infrastructure.

Collaboration is required among all of these stakeholders to ensure that the ecosystem is secure. Bodies like the GSMA and GSA, as well as groups like the ITW Global Leaders Forum, play an important role. Carriers and IPX providers meanwhile can serve as the critical bridge between the telco and digital worlds.

The digitalisation we saw in 2020 wasn’t a passing trend. As more organisations connect to the global IoT, all parties mut ensure they take the required steps to secure the ecosystem. Adopting a connectivity platform, using a private IPX, and collaboration across the industry will help organisations better protect their subscribers and their business. 

The author is Mikael Schachne, CMO and VP of Mobility & IoT, BICS.

Comment on this article below or via Twitter: @IoTNow_OR @jcIoTnow


9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

What is a vCIO and why do SMEs need them to thrive?

Posted on: September 28, 2021

The pandemic forced many small and medium-sized companies to rethink their business plans and the technologies they use. The hybrid and remote workforce has spawned technology challenges, including cross-team collaboration and vulnerabilities. Additionally, says Gary Pica, founder and president of TruMethods, a Kaseya company, many businesses are now evaluating regulatory issues and boosting cybersecurity measures.

Read more

Truphone enables mass IoT deployments with iSIM collaboration

Posted on: September 28, 2021

Truphone has announced that, in collaboration with Sony Semiconductor Israel Ltd., a cellular IoT chipset provider, and Kigen, a global security provider, it has enabled its IoT platform and global connectivity to run on the integrated SIM of Sony’s Altair cellular IoT chipsets, powered by Kigen iSIM OS.

Read more