AI, Edge, and IoT Demand a Software-Centric Approach
As edge computing and IoT continue to evolve, security risks take shape in the software supply chain.
The Internet of Things has evolved significantly since its inception, connecting physical devices for data transfer, communication, and remote control. Early use cases focused on collecting environmental data, such as temperature, humidity, vibration, flow, pressure, and movement, and transmitting it to a centralized server for processing and analytics.
The primary goal was to gain more real-time visibility into data, eliminating the need for manual human supervision and automating anomaly detection through predefined policies and thresholds.
As the number of connected devices increases exponentially, one thing has become clear: Organizations need a modern DevSecOps-centric approach to support advanced IoT initiatives and take control of software supply chain security.
Virtually Everything Operates Via Software
The number of connected IoT devices has surpassed the global population, and active IoT devices could double by 2030. In recent years, several technological revolutions have paved the way for more sophisticated IoT use cases, enabling devices (or "things") to operate autonomously and make decisions locally based on the collected data. Some of the most important advancements include:
More capable sensors and diverse data. Higher-quality data enables “things” to see, listen, and sense their surroundings. Autonomous use cases such as vehicles, drones and collaborative robotics often require a combination of multiple sensing technologies to diversify the collected data set and enable the deployment of more sophisticated AI systems to ensure reliability under various conditions.
Upleveled hardware and distributed computing. In the past, IoT data processing and analytics took place in centralized servers due to the resource-intensive nature of high-performance computing. Advancements in multi-core processing now allow workloads to execute directly on devices, enabling real-time operations. This creates several benefits in deployment flexibility, scalability and data privacy.
Microservices-based software applications with embedded AI. The distributed computing paradigm has amplified the need for modern software development practices and processes. Microservice-based applications create flexible deployment options, allowing mission-critical services to be deployed closer to data sources while non-critical workloads can be centralized.
IoT devices have progressed to new levels of intelligence, making it increasingly important to proactively and automatically maintain and update device software to remain secure, reliable, and up to date with the latest features, security patches and improvements.
Gaps in a Cybersecurity Posture
The software supply chain has become a critical attack vector. Like any other computing device, IoT devices use multiple software components to carry out tasks. These components require regular updates to fix bugs, introduce new features and address security vulnerabilities to prevent potential security threats. Neglecting updates can result in unaddressed vulnerabilities, making devices exploitable by attackers.
In the IoT context, a software vulnerability in a single component can compromise an entire system; an attack on an IoT device is often aimed at compromising the larger system. For example, an attack on a security camera, which communicates with smart assistants on the backend, could be used to unlock connected doors. Devices are also increasingly exposed to malicious attacks when the underlying hardware is no longer compatible with the software needed to protect it. Consider a situation where an unmanaged software vulnerability could allow a malicious actor to take control of your vehicle. Gartner predicts that 45% of software supply chains will be attacked by 2025.
Not surprisingly, many organizations lack confidence in their ability to defend against cyberattacks, primarily due to the absence of standardized and cohesive regulations worldwide. Further, software update practices for IoT devices lag behind traditional software development, compounding this issue. This challenge is exacerbated by the dynamic nature of the IoT landscape and its diverse applications, coupled with malicious actors who are constantly looking for new ways to attack systems.
Organizations themselves bear the responsibility of implementing security best practices and guidelines to take control of their software supply chain security. This starts with software curation and vulnerability detection and extends across the full software lifecycle from development to device.
IoT solutions generate and handle substantial amounts of data, necessitating a heightened emphasis on reliability and scalability. They also emphasize the ability to apply automation in registering, deploying, updating, and supporting these intelligent edge devices at scale.
It’s important for IoT service providers to foster close collaboration among software development, security, operations, and data science teams to drive innovation while upholding systems’ reliability, performance, and security. This collaboration will make it easier to incorporate security into IoT devices by design and by default (a shift-left mentality) rather than in response to incidents, with the goal of making the systems free of exploitable vulnerabilities.