The Internet of Things and the security behind it.

Should we fear the Internet of Things?

Every day connectivity pushes technology to a new level – self-driving cars, remote monitoring of patients, drone deliveries and remote-controlled underground equipment, to name a few. All these amazing technology feats have two somewhat contradicting caveats in common – the internet and security. Can you imagine what would happen if any of these examples above were to be exploited by a hacker with nefarious intentions? Pure catastrophe. Considering the predictions, there will be more than 20 billion connected devices by 2023 (think mind-blown emoji). We cannot afford to fear IoT; we must increase efforts to secure it.

In 2016 the general security narrative was that we should almost be afraid of IoT. Renico Koen, Senior Security Manager at IoT.nxt® agrees but adds context to this eerie outlook on the revolutionary growth of IoT.

“Over the years, the Internet of Things had a bad reputation. We have seen many consumer-grade IoT devices in the last few years lacking proper security controls. Many of these IoT devices often cannot receive updates and are often running outdated firmware. Placing devices that lack proper security controls and security updates on the internet can be catastrophic” says Renico.

At that time, sounding alarm bells in the IoT industry was the right thing to do. While in contrast, almost five years later, I listen to Renico, who mentions detailed security controls in IoT products that the security and development teams at IoT.nxt® live by – security by design and privacy by design.

Today, IoT companies like IoT.nxt® ensure security controls are included in every logical system layer. The question, therefore, remains – if every aspect of the IoT product has a security control embedded from design, why does the general narrative of unsecured IoT still remain?

In this blog post, I’ll look to assure the reader that secure IoT solutions do exist. I’ll address the most common IoT security concerns that industry leaders suggest requires attention. I’ll then explore how IoT.nxt® assures its customers that enterprise security and privacy are part of their top priorities when designing, implementing and supporting IoT solutions.

IoT security concern 1 – Authentication and authorisation

Devices and humans would typically need access to and from other devices on a network. Authentication is the method of ensuring the device seeking access is indeed what/who it declares it is. At IoT.nxt®, industry-standard protocols are utilised to ensure the secure authentication and authorisation of trusted user accounts or application requests.

“We engage prospective customers to better understand their exact security requirements. We’ll then develop a security strategy tailored to each customer’s specific needs.” says Renico. Some older IoT products had a default username and password with no instructions to change it to something more secure; they probably still do. A popular online party trick is to ‘hack’ a smart device by figuring out its make and model and then consulting the online user manual for the username and password. Unsurprisingly, username: admin and password: admin reigns supreme! This is not the case with IoT.nxt® solutions – IoT.nxt uses industry-standard identity technologies. This simplifies authentication and authorization workflows and makes it possible to integrate with existing corporate infrastructure.

Verdict – Authentication: Secured.

IoT security concern 2 – Data confidentiality and privacy
IoT devices are inherently exposed to the internet. Unsecured IoT communications can be intercepted and manipulated by external threat actors. Exposing company or personal information is a disaster with damage to reputation, equipment, finances and even human life.

IoT.nxt®’s privacy by design philosophy assures the customer that only the private information authorised to be shared, stored or analysed will be. The IoT.nxt® platform also adheres to general privacy regulations like POPIA and GDPR. Data shared between a customer and the IoT solution hosted in the cloud benefits from the confidentiality protection and the restricted access agreed on.

Verdict – Data confidentiality and privacy: Assurance guaranteed.

IoT security concern 3 – Data security while in transit
IoT solutions are sold on the back of one fundamental benefit – the ability to see and access your ‘things’ from anywhere. This benefit precludes the worrying fact that your data must travel from your ‘things’ over the internet to your devices. See the concern in that? Anything exposed to the internet has to be secured at all times. Your data might be secure while inside your network. It will be secured by default when inside the IoT.nxt® managed cloud. But what about the time during transport from your network to the cloud?

IoT.nxt® solutions encrypt all communications from the customer to the cloud solution as a standard. This ensures the confidentiality and integrity of data in transit.

What if some of the devices on your private network have vulnerabilities? Older, less secure devices in manufacturing environments could be targeted by an attacker if directly exposed to the internet. With IoT.nxt®’s smart Raptor™ gateways, legacy and newer technologies can connect to the gateways, which establishes a secured communications link for sharing data with applications in the cloud or within an enterprise network.

Verdict – Data security while in transit: Secured.

IoT security concern 4 – Security firmware updates
As mentioned earlier, the biggest reason why older IoT devices were proven to be unsecured was because of a lack of regular security updates. IoT.nxt® development and security teams spend many hours trying to find security vulnerabilities on each of the software updates for their IoT solutions. Penetration testing, also known as pen testing, is conducted before releases as another assurance to customers that the IoT solutions are indeed hardened and every effort has been taken to ensure known vulnerabilities are curbed. IoT.nxt® also provides ways to seamlessly update their devices and services, thereby ensuring that their services are up-to-date with the latest updates released by IoT.nxt®.

Verdict – Security firmware updates: Secured.

In conclusion, it would certainly seem that much progress has been made when securing IoT devices. From the sensor data right up to the hosting (physical hardware onsite or a cloud tenant) and the customer interacting, transacting and viewing their data – the IoT involved in this process is secured.

As with any security strategy, it remains a question of when… when an attack occurs what we will do? Well, IoT.nxt® will commission an incident response team made up of skilled cybersecurity practitioners dedicated to isolate the attack and minimize damage suffered, should an incident ever occur.

I certainly think it’s safe to say that IoT is secure when the concerns above have been addressed. It has come a long way from being feared. In fact, if customers intend to digitalize their organizations and join the 4th Industrial Revolution, secure IoT solutions that embody the security and privacy by design philosophy should be embraced.

Be sure to check out the class-leading, secure IoT solutions from IoT.nxt® or contact us today.

 

Innovation is about looking three years into the future

IoT.nxt Andre Jacobs

IoT.nxt Chief of Product Engineering, André Jacobs, won the 2020 IITPSA Technology Excellence Award* last month. We asked him about his career, the innovation culture of IoT.nxt and more.

What does winning this award mean to you?

I think it will mean more for our company. In months and years ahead, people will remember that someone won an award for the technology of IoT.nxt and I believe being recognised for this award, might potentially attract great talent to our company. People who want to work in an environment where innovation is a core value and where teams look to the future and uses technology to achieve a great outcome for business. This award will help us attract those tech talent, which I am very excited about. Also, it is great to receive recognition from my peers in the industry.

If someone asks you what is the one thing that is a standout innovation that you and your team developed since the establishment of IoT.nxt in 2015, what would that be?

The development of our Commander IoT Platform is huge for us. Commander has grown from a single instance deployment to being deployed in many countries across the world, running many customer instances. It has become a very scalable IoT platform, with many features supporting many diverse business verticals.

In addition, there are many different micro-innovations throughout the full IoT stack that we developed. The Raptor is of course a key element – the way it is designed to integrate with any device is a stand-out feature. The recently developed Virtual-Raptor – we called it VRaptor – is also something very unique in the IoT world. This virtual edge layer is becoming a key element of what we offer, of what customers need to truly scale IoT deployments, deployed closer to the edge to handle the volume of traffic at a much low latency and paving the way to handle 5G data volumes.

How do you keep the commitment to innovation alive?

We consistently look at new ways to do things. When we develop something new, we not only focus on what a customer wants us to do, but we think of the things the customer has not thought of yet, anticipate what they will need in the future. We look at least two to three years ahead, anticipating what our future customer will need from us.

How did you become involved in technology and what attracted you to this career?

I sold my first computer program when I was twelve years old. At the time there was no internet, and I sold my program to a magazine. They would print the program source code listing in the magazine for people to manually type in or if you paid extra the magazine would send you a disk with the program and source code on it. From there it was just a natural thing for me, to develop software, I never really thought about doing anything else.

Is working at IoT.nxt and the work you do a highlight of your career?

Absolutely. I have worked in a corporate environment and also at a few start-ups. All my previous experience and the diverse projects I worked on led up to what I, with our tech team, have been able to develop at IoT.nxt. Creating the IoT platform and building the tools that our channel partners can present to their customers is very satisfying. Working with very smart people on a project I really enjoy is definitely a highlight for me.

Sustainability has become a global theme for business and governments. How can technology support sustainability goals?

Working towards that is the essence of what we do. Most of the applications that we have been involved with is focused on optimising savings for our customers. Companies save and use less, which is good for the environment. We help companies reduce and make them leaner, which contributes to achieving sustainability goals. Also, because our solutions are designed to interface with legacy systems, it reduces consumption as companies do not need to replace existing equipment in order to get the benefits that using IoT technology delivers.

Do we have exceptional tech talent in SA?

Absolutely. Although there is a demand for the country’s technology skills, what I have found is that the people who work with IoT.nxt enjoy working on something that is meaningful, creating something that has not been done before.

*The award is presented by IITPSA in association with ITWeb and the Gordon Institute of Business Science. It recognises a person or team who has made exceptional / innovative use of information technology or has designed an innovative new technology for an organisation and has exhibited technological excellence that has delivered measurable benefit for business and / or the SA economy.

This is the most recent award for IoT.nxt. Earlier awards:

  • IoT World awards USA 2020: Nomination for Best IoT Energy Solution
  • Intel: MRS Solution & IoT Alliance Partner 2020
  • Dell Preferred Partner 2020
  • Da Vinci tt100 2019 Management of Technology Award for Medium Enterprises
  • Microsoft best Independent Software Vendor (ISV) partner 2019 and finalists in a further 8 categories.
  • Categorised as a notable vendor for IIoT in Gartner Magic Quadrant for IoT Platforms report, July 2019.
  • nxt founding CEO and now director, Nico Steyn, was a finalist for the IITPSA SA IT Personality of the Year Award in 2017 and 2018.
  • HPE OEM solutions partner.
  • IBM Business Partner for Channel Rewards.
  • Microsoft Gold Partner: Cloud Platform 2018
  • Microsoft Gold Partner: Data Platform 2017
  • Overall Winner and Best Commercial Solution 2017 MTN Business IoT Awards South Africa.
  • Finalist in the Da Vinci tt100 innovation index for Emerging Enterprises in 2016.
  • nxt was selected by global consulting giant Gartner as one of six African aspiring innovators ahead of Gartner’s Symposium/ITXpo held in Cape Town in September 2016.