Should we fear the Internet of Things?
Every day connectivity pushes technology to a new level – self-driving cars, remote monitoring of patients, drone deliveries and remote-controlled underground equipment, to name a few. All these amazing technology feats have two somewhat contradicting caveats in common – the internet and security. Can you imagine what would happen if any of these examples above were to be exploited by a hacker with nefarious intentions? Pure catastrophe. Considering the predictions, there will be more than 20 billion connected devices by 2023 (think mind-blown emoji). We cannot afford to fear IoT; we must increase efforts to secure it.
In 2016 the general security narrative was that we should almost be afraid of IoT. Renico Koen, Senior Security Manager at IoT.nxt® agrees but adds context to this eerie outlook on the revolutionary growth of IoT.
“Over the years, the Internet of Things had a bad reputation. We have seen many consumer-grade IoT devices in the last few years lacking proper security controls. Many of these IoT devices often cannot receive updates and are often running outdated firmware. Placing devices that lack proper security controls and security updates on the internet can be catastrophic” says Renico.
At that time, sounding alarm bells in the IoT industry was the right thing to do. While in contrast, almost five years later, I listen to Renico, who mentions detailed security controls in IoT products that the security and development teams at IoT.nxt® live by – security by design and privacy by design.
Today, IoT companies like IoT.nxt® ensure security controls are included in every logical system layer. The question, therefore, remains – if every aspect of the IoT product has a security control embedded from design, why does the general narrative of unsecured IoT still remain?
In this blog post, I’ll look to assure the reader that secure IoT solutions do exist. I’ll address the most common IoT security concerns that industry leaders suggest requires attention. I’ll then explore how IoT.nxt® assures its customers that enterprise security and privacy are part of their top priorities when designing, implementing and supporting IoT solutions.
IoT security concern 1 – Authentication and authorisation
Devices and humans would typically need access to and from other devices on a network. Authentication is the method of ensuring the device seeking access is indeed what/who it declares it is. At IoT.nxt®, industry-standard protocols are utilised to ensure the secure authentication and authorisation of trusted user accounts or application requests.
“We engage prospective customers to better understand their exact security requirements. We’ll then develop a security strategy tailored to each customer’s specific needs.” says Renico. Some older IoT products had a default username and password with no instructions to change it to something more secure; they probably still do. A popular online party trick is to ‘hack’ a smart device by figuring out its make and model and then consulting the online user manual for the username and password. Unsurprisingly, username: admin and password: admin reigns supreme! This is not the case with IoT.nxt® solutions – IoT.nxt uses industry-standard identity technologies. This simplifies authentication and authorization workflows and makes it possible to integrate with existing corporate infrastructure.
Verdict – Authentication: Secured.
IoT security concern 2 – Data confidentiality and privacy
IoT devices are inherently exposed to the internet. Unsecured IoT communications can be intercepted and manipulated by external threat actors. Exposing company or personal information is a disaster with damage to reputation, equipment, finances and even human life.
IoT.nxt®’s privacy by design philosophy assures the customer that only the private information authorised to be shared, stored or analysed will be. The IoT.nxt® platform also adheres to general privacy regulations like POPIA and GDPR. Data shared between a customer and the IoT solution hosted in the cloud benefits from the confidentiality protection and the restricted access agreed on.
Verdict – Data confidentiality and privacy: Assurance guaranteed.
IoT security concern 3 – Data security while in transit
IoT solutions are sold on the back of one fundamental benefit – the ability to see and access your ‘things’ from anywhere. This benefit precludes the worrying fact that your data must travel from your ‘things’ over the internet to your devices. See the concern in that? Anything exposed to the internet has to be secured at all times. Your data might be secure while inside your network. It will be secured by default when inside the IoT.nxt® managed cloud. But what about the time during transport from your network to the cloud?
IoT.nxt® solutions encrypt all communications from the customer to the cloud solution as a standard. This ensures the confidentiality and integrity of data in transit.
What if some of the devices on your private network have vulnerabilities? Older, less secure devices in manufacturing environments could be targeted by an attacker if directly exposed to the internet. With IoT.nxt®’s smart Raptor™ gateways, legacy and newer technologies can connect to the gateways, which establishes a secured communications link for sharing data with applications in the cloud or within an enterprise network.
Verdict – Data security while in transit: Secured.
IoT security concern 4 – Security firmware updates
As mentioned earlier, the biggest reason why older IoT devices were proven to be unsecured was because of a lack of regular security updates. IoT.nxt® development and security teams spend many hours trying to find security vulnerabilities on each of the software updates for their IoT solutions. Penetration testing, also known as pen testing, is conducted before releases as another assurance to customers that the IoT solutions are indeed hardened and every effort has been taken to ensure known vulnerabilities are curbed. IoT.nxt® also provides ways to seamlessly update their devices and services, thereby ensuring that their services are up-to-date with the latest updates released by IoT.nxt®.
Verdict – Security firmware updates: Secured.
In conclusion, it would certainly seem that much progress has been made when securing IoT devices. From the sensor data right up to the hosting (physical hardware onsite or a cloud tenant) and the customer interacting, transacting and viewing their data – the IoT involved in this process is secured.
As with any security strategy, it remains a question of when… when an attack occurs what we will do? Well, IoT.nxt® will commission an incident response team made up of skilled cybersecurity practitioners dedicated to isolate the attack and minimize damage suffered, should an incident ever occur.
I certainly think it’s safe to say that IoT is secure when the concerns above have been addressed. It has come a long way from being feared. In fact, if customers intend to digitalize their organizations and join the 4th Industrial Revolution, secure IoT solutions that embody the security and privacy by design philosophy should be embraced.
Be sure to check out the class-leading, secure IoT solutions from IoT.nxt® or contact us today.