The IoT: Time to Get it Right - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Data Management // IoT
Commentary
11/1/2016
08:00 AM
50%
50%

The IoT: Time to Get it Right

The Internet of Things security issues seem close to creating panic in the streets. So, maybe It's time to do IoT security the right way, baked in.

Somehow the Internet of Things has gone from being a miracle drug for every business, energy, security, transportation, and residential problem to The Plague.

In some dreams, the IoT was the cure-all that would give us everything we wanted to know about a customer based on their shopping pattern, their home activities, and their travels. Those same dreams presented the IoT as the ultimate in an operational efficiency tool for businesses.

Credit: Pixabay
Credit: Pixabay

Are those dreams dashed now that IoT devices have been blamed for the recent distributed denial of service (DDOS) attack on Internet management company Dyn? That attack brought down a lot of websites, particularly in the eastern United States. Maybe it was a sign of a pending return of the Black Death seven centuries later.

Or maybe the IoT needs be to be judged in the same way that pro athletes are evaluated: Not really as good as they are on their best days, and not as bad as they are on their worst.

We will be looking more closely at the IoT throughout November.

However, the analyses of the Dyn incident raised some points that are important to keep in mind as we go through this first week of November with our All Analytics Academy program Data Privacy for All, for You.

The Internet traffic that overwhelmed Dyn often came from relatively low-cost consumer devices that were easily targeted with the malware that joined the attack. They didn't have what some call "baked-in security," protection designed in from the start. If you entrust your home, your business, even your family to something like a $100 security system, you get what you pay for.

Security company Forescout has an interesting paper that details the vulnerabilities of seven common IoT devices. In most cases the vulnerabilities turn out to be pretty apparent, and could be fixed with a little extra work at the design phase: flaws such as weak or non-existent credentials or a lack of encryption on IP-connected security cameras.

This "baked-in security" goes hand-in-hand with our A2 Academy session scheduled for Thursday, when Greg Reber of AsTech Consulting will present best practices in "baked-in privacy". (The Academy program opens today with a presentation on customer privacy by Sagi Leiserov of Ernst and Young). You see, all of those IoT devices that could be used to launch a DDOS attack also could be feeding your private information to someone with evil intents. That information could be your company secrets, personal data about employees, or the financial data of customers.

Greg Reber
Greg Reber

One thing we know about baked-in security or privacy is that it makes sense. It's exactly what we wish the folks at Microsoft had done with Windows many years ago, and what we want from mobile apps, corporate devices, and home automation technologies.

Common sense says that we should have baked-in security, but dollars and cents say that we don't. As tech buyers we are as guilty as those companies that build or sell technology. Whether we are buying for ourselves or a giant enterprise, we want technology to be cheap, easy to use, and available now.

Our rush to buy, our distaste for measures like complicated authentication, and our penny pinching justify our tech suppliers' attitude of "just get it to market".

The sad part about what is happening right now with the IoT is that we've known from the start that the IoT presented an opportunity to do it right. We had a chance to redesign networks, build in authentication, and isolate unrelated devices and applications from each other. Instead, we get to wonder who can see what that security camera sees, and where that retail store beacon data really is going.

Maybe it's not too late to tighten up IoT security, to do it right from the start. Lets get off on the right foot by heeding the advice that Greg Reber shares in the A2 Academy on Thursday. Remember, cheap, easy, and available is no way to go through life.

 

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
Commentary
If DevOps Is So Awesome, Why Is Your Initiative Failing?
Guest Commentary, Guest Commentary,  12/2/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll