The boom of the Internet of Things (IoT) has marked a new era in data processing, and inevitably brings additional concerns regarding cyber security. As a system that involves billions of connected devices generating data from a multitude of locations and platforms simultaneously, the IoT expands the possibilities for hackers to exploit its vulnerabilities.
So far, increased security risks have mainly been discussed in relation to enterprises and large organizations. However, individuals are growingly becoming aware of the issue, as well. Namely, most of the people who use IoT-enabled devices feel that these solutions are not really safe, even though they continue relying on them in their everyday lives.
With the prevalent awareness of security flaws in IoT devices, manufacturers need to rethink their strategies for marketing their products, and have an entirely new perception on the issue of security.
Guest article by Justin Strackany, Chief Customer Officer at SecureLink
Consumers are aware of the IoT risks
In relation to a growing awareness of IoT risks, a recent survey by Auth0 suggests that 52% of consumers don’t believe IoT devices have the necessary security in place. Nevertheless, for 51% of them, this is not really an impediment to using IoT solutions at home, work, or anywhere else they can be implemented.
In the society to be tied to 6.4 billion IoT devices in 2016, this discrepancy should be a major concern. Furthermore, an alarming finding from the research is the fact that 90% of developers doubt that IoT devices currently available are properly secured. In most cases, working on security features results in slower time-to-market, often resulting in products being launched without the right security components in place. Shockingly enough, this is confirmed by 85% of developers surveyed by Auth0, and offers a whole new perspective on IoT security issues.
“Business needs to change the way it views security. No longer is it a cost center, but a way to build trust and draw users to a product,” said Jon Gelsey, Auth0 CEO.
A similar suggestion was given earlier this year by Emma Ban in relation to a Ponemon Institute/IBM study that found that mobile app developers do no invest enough in mobile security. Explaining how this can hurt the entire digital ecosystem, Ban noted: “From an original equipment manufacturer perspective, manufacturers must change the pattern by focusing on security from the product design stages. Where there is interconnection between products, manufacturers should work closely to ensure secure connectivity at every level.”
Many analysts agree that a large-scale change is needed in the mindset of those currently responsible for equipping the world with wearables, mobile devices, and smart home items. However, a great deal of responsibility is still with enterprise adopters increasingly powering the workplace with IoT solutions.
With organizational great power, comes great responsibility
Enterprise security has become astonishingly complex after the great shift to mobile devices, cloud storage, and a remote workforce. A modern organization, therefore, needs to implement a set of solutions in order to ensure maximum data security and create a credible image of itself in the target market.
Namely, as consumers and clients increasingly expect providers to demonstrate their ability to meet general safety standards, organizations need to rethink their security and privacy policies. Therefore, for enterprises in the IoT age, this means choosing the right security solutions for all critical business processes, from remote access software to encrypted collaboration solutions.
For software developers, on the other hand, there are several golden rules related to testing, implementation, and distribution of IoT products, with an aim to enhance security features. Recently, even a set of standards intended to ensure reliability, performance, and maintainability was approved in order to enable developers to certify IoT products and networks easily. This is probably one of the most important initiatives we have seen in the last few years, and represents a big step for the future of IoT security.
Even with the new security certifications, however, the IoT remains a highly complex field that requires a considerable effort in order to be made secure. A greater awareness about emerging issues is only the first step to creating a more stable ecosystem, but the real solution may be changing the attitudes towards the use and production of IoT devices and networks. Finally, it is clear that a great change in perception of IoT security needs to happen in order to start producing devices that minimize security risks.