View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

4 dilemmas in securing the IoT

Experts at the TechUK panel give their views.

By Alexander Sword

With the IoT set to expose an unprecedented amount of our, until now, private data, the pressure is on the industry to make sure security is taken seriously. CBR collected some thoughts on how this will be achieved from experts at Tech UK’s ‘Securing the IoT’ workshop.


1. Duncan Brown, Research Director of European Security at IDC, on IoT privacy:

"We have no idea about the social impact of collecting the data that we are talking about collecting: all of the health data, all of the sensitive data, all of the tracking data…the industry is focused on the technical security part of it but I think as an industry we do need to engage with the privacy side of the market as much as the technical aspect.

"I think we would do ourselves a disservice if we only focused on the technical aspects, as privacy is so important. It will be a key inhibitor in terms of adoption if the general population is not happy. There will [also] be geopolitical differences in terms of what people will stand in terms of their privacy."


2. Stephen Pattison, VP Public Affairs at ARM, on the role of government regulation:

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"I don’t think anybody really wants the government involved [in regulation]…but I do wonder if there are other approaches, for example, mandatory breach notifications [requiring a company that has been breached to report this to consumers]. One place where they are mandatory is California where what it’s done is actually stimulate tremendous initiatives in improving cybersecurity.

"You as a company want to go the extra mile to avoid having to issue a notification. That kind of approach can sometimes stimulate the kind of ecosystem that is built around security by design but actually nudged by something that’s happened outside the ecosystem. I think there could be a role for government in nudging."


3. David Rogers, advisor to BIS, on investing in security for the long-term:

"We have the collective responsibility to ensure that the IoT security ecosystem in itself exists and that you give people a reason to purchase security. You [as suppliers] need to rail against this natural tendency to go for the lowest common denominator. We have a responsibility to be asking those questions and asking [the client] why they are not asking for security.

"If you’re on the other side of the house, you must ask the right questions to the suppliers in terms of why they’re not supplying secure products, because it will come back to bite you. The message to the CEO that, for whatever reason, decides that he needs to be connected is that if you make a cheap decision now it will be very costly in the future."


4. Sian John, Director of Security Strategy at Symantec on IoT security standards:

"In terms of standards, resilience is absolutely key when you getting into these sorts of things; it’s as important to keep the transport system going as it is to maintain its privacy. One of the issues with the IoT is it’s probably making availability as important as confidentiality and integrity. If you think about security, you’d probably make confidentiality more important historically.

"The challenge with compliance [with these standards] is that tick-box culture that comes. You tick a box, become compliant, and don’t actually think about whether that is improving the security. I believe in regulation of standards but not when it comes to ticking the box to pass that standard rather than doing it right."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.