Getting security right for the Internet of Things

The internet of things (IoT) is going to be one of the main growth drivers in the telecoms market. Cisco predicts that by 2020, there will be 11.6 billion IoT-connected devices globally, greatly exceeding the projected world population of 7.8 billion. This number represents an average of 1.5 connected devices for each person on the planet.

The IoT consumer and enterprise markets offer great opportunities for stakeholders, with operators employing a connected strategy to deepen their customer relationships, and manufacturers switching from a product to service paradigm. However, before these opportunities can be fully realized, issues related to data management and security will need to be explored and resolved.

Data center

iot-graph-1

Source: Cisco

With the proliferation of devices, the amount of data created will expand exponentially; Cisco estimates IoT data to reach over two million terabytes, with a CAGR of 83% between 2015 and 2020, the highest of all categories. Storing that data will not be as problematic as first thought, because of the increasingly competitive market in the public cloud. Amazon, through Amazon Web Services, had taken the lead, but is now facing strong competition from global players like Alphabet, with its Google Cloud Platform, Microsoft with its Azure platform and more recently Oracle. The competition will increase storage capacities globally, at a competitive price for all parties. But storage represents just one aspect of the data collection argument.

In the context of the IoT, analytics is even more important than collecting and storing data, as these insights are the ultimate goal. Traditional cloud computing does not always provide the best platform to make those decisions, as the data needs to be moved to the data center, making it prone to latency and bandwidth issues.

With an increased amount of data created by connected devices, it is important to note that not all data is created equal. Some of it will need to be analyzed immediately, whereas some can be kept for later analysis. This differentiation by type of data means the creation of new platforms, such as fog or edge computing.

Fog computing, a concept created by Cisco, aims to bring cloud computing to the edge of the network, or to extend the cloud closer to the things (see table). It can do so thanks to fog nodes, present at the network edge, which create storage between the actual connected device and the data center. This process provides companies with instantaneous access to critical company data for analysis and action. IBM and Cisco are working together to bring such a product to market, stressing that the main issue remains with insight and analysis as opposed to storage and collection.

Source: Cisco

Source: Cisco

Data being discriminated for relevance will be need to be automated, and this will lead to the development of other technologies, such as artificial intelligence or machine learning, to decide which data must be analyzed immediately and which can be sent to the data center. Once data can be distinguished, the question will be raised as to whether everything must be stored and collected, and for how long, but the blanket collection of data leads to another key issue, security.

Security

Everything connected can be hacked. Symantec reports that in 2015 alone, at least nine mega-breaches involving more than 10 million records were reported, and more than half a billion personal records were either lost or stolen. These attacks are becoming more sophisticated and indiscriminate. From small and medium enterprises to large multinationals operating in either developed or emerging markets, all are vulnerable.

The spectrum of IoT includes networks, devices and data. The interconnection of these components creates a risk to the entire system if one is compromised. With more and more IoT devices entering the market, security becomes even more critical, as one breach could lead to a complete loss of consumer confidence in a system or a product.

Note: no 2013 data for new Malware Variants (mn). Source: Symantec

Note: No 2013 data for new Malware Variants (mn). Source: Symantec

It is worth noting that security is not linked to the size or the sophistication of the object connected. Hacking a connected car can have lethal consequences, but even a connected light bulb can cause major issues, as it can be a way into the entire home network. This means that all connected objects must have security embedded in the manufacturing process, otherwise known as security by design or by default, and also in the lifecycle of the object, by implementing over-the-air updates to ensure the latest threats can be nullified. The multitude of different objects does make it difficult and there is no one-size-fits-all approach. Ensuring security is costly. As a result, its more likely that the cheaper devices will be the most vulnerable, as security will not be built in, or updates will not be provided.

Technology may eventually create intermediary platforms able to recognize threats and isolate them or the device being targeted. Machina Research has identified four building blocks for higher security, which follow in that direction:

  • Threat intelligence and analytics: Threat intelligence will be driven by big data, and the evolution of machine learning technology will enable the detection of behaviors which diverge from the normal pattern, isolating potential threats. ƒ
  • Virtualization and hypervisors: As IoT converges with IT, virtualization will enable enterprises to isolate devices and applications within devices on a granular level, allowing for greater security. ƒ
  • Fog computing and intelligent gateways: A fog node, where the analytics will take place, can also act as an intelligent gateway and anchor for less secure devices, eliminating threat to the entire network. ƒ
  • Blockchain and distributed ledger: A distributed ledger can ensure the integrity of the data, as it will provide differentiation between various components based on their need for security, as well as restrict any components which may have been compromised.

Regulation will also have its role to play. So far, regulators have not issued any specific rules, preferring to showcase best practice and guidelines for companies looking to enter the IoT market. As the market has yet to reach maturity, regulators want to keep a balance so companies can continue to innovate in the market without the risk of top-down regulation. As the market continues to evolve, and the risks become more apparent, it will be necessary for regulation to be proactive, which could create some fragmentation in what is a global market.

About José Manuel Mercado

José Manuel Mercado is Latin American Industry Leader for Willis’ Technology, Media and Telecommunications pract…
Categories: Tech Media Telecom | Tags: ,

Leave a Reply

Your email address will not be published. Required fields are marked *