The IoT juggernaut continues: Forecasters like Gartner Research predict that the typical home will have nearly 500 networked devices by 2020 (not me; I’m still wondering why bother?). Big name companies like GE and Siemens pitch their IoT successes at various conferences.
The much-hyped Internet of Things concept promises to tackle common problems: such as the complexities of managing product life cycles and the lack of interoperability between information technology and “operational technology.” (Back in my day, operational technology (OT) was better known as industrial control, as in PLCs, SCADA systems, CNCs, and so on.)
One concern, however, is bubbling up to the top—how will all the gathered data be secured from hackers?
According to a report from Argus Insights, the conversation is shifting from what cool things can we connect to the IoT, to how do we secure all the data? In fact, security is becoming more of a concern than privacy, as well it should. Privacy implies a user has control over when and how data are shared. Security says a user doesn’t.
“Security concerns for consumers are definitely on the rise and this goes double for any enterprise deployments. Security issues are a real roadblock for IoT product acceptance,” said John Feland, CEO, Argus Insights.
Unfortunately, tested, viable security solutions are scarce. Typical solutions like a secure boot or encrypted connection only cover a few vulnerabilities.
Noted the Argus Insights report, the lack of good security software approaches among software vendors “forces engineers to integrate a confusing array of components from many sources only to find they do not play well together or impose an unwieldy demand on scarce system resources.”
This is a problem.
The unpopular reality is that we don’t really understand how to secure devices; this is new territory.
At the recent Disrupt New York 2016 conference, experts weighed in. The best way to lock down data is to not have access to it in the first place suggested Nate Cardoza, an attorney for the Electronic Frontier Foundation.
If you collect data, interested parties, such as hackers, organized crime, law enforcement (the recent FBI request to Apple, for example) and others will want access to it. Guaranteed.
So some are suggesting a zero knowledge model, where vendors (example: Apple) don’t have access to the data. As engineers and vendors navigate security, this model may become the preferred approach.
The bigger question, though, may be: Why are we networking everything? What, exactly, is the point? In some situations, the data may be useful. But everything? Just because we can? That’s sloppy thinking.
But vendors will continue to explore anything that can be connected to the internet. Martin Mickos, CEO of security firm HackerOne, has a suggestion for better security. In your design, shift to the open source model where you can invite others to help find vulnerabilities. That’s an interesting approach.
At the heart of the IoT concept is the idea that technology will solve all of our problems. If we just have enough data, we can figure it all out. What if that concept is backwards? What if it’s people, in the form of a “neighborhood watch,” rather than technology, that is the best way to ensure security?
Filed Under: Commentary • expert insight