Responsibility in the IoT: Why security can’t be treated as an afterthought

Security is simply too important to be treated as an afterthought in the IoT.

By James Nunns

The IoT has become part and parcel of our everyday lives. It connects customers with their favourite brands, increases the efficiencies of business operations, and even manages airport passenger flows.

However, as these changes unfold before our eyes, the true value of the IoT has yet to surface. As a recent BI Intelligence study predicts, the IoT will release nearly 25 million connected smart devices into the sphere by 2020. Considering the achievements made so far, who knows what potential benefits could be derived over the coming years?

Paul Madsen, senior technical architect at Ping Identity.

The spanner in the works, as is so often the case in our increasingly digitised and technical world, is that of security – currently presenting the primary obstacle to IoT adoption. This shouldn’t be seen as a surprise given that, according to Forrester, more than half a million IoT devices face being compromised this year.

Clearly this is concerning, emphasising how frequently cyber-attackers are gaining access to data or performing operations by imitating valid users. The statistic also highlights the critical nature of IoT authentication. That is, if you are unaware of the device you are connecting with, then protecting the potentially sensitive data being shared or the transactions being conducted becomes very difficult indeed.

Compromised data security can have devastating consequences such as monetary loss, confidentiality leaks and potential health record tampering. An increasing number of data hacks have been hitting the headlines in recent years after a number of high profile breaches. This includes perhaps the biggest known data breach of all time that was recently announced by Yahoo, revealing that one billion of its user accounts were hacked in August 2013.

In the IoT world however, a breach has the potential to be life threatening. For example, a driverless car could cause a fatal accident, or home medical equipment could stop providing life-sustaining aid. Whereas in the past the primary concern was typically the confidentiality of data, in the IoT it’s the integrity of this data that may present the greatest risk.

Current IoT devices, from smart locks to health trackers, must have digital identities. When connected to individual identities, the tangible benefits of the IoT become apparent. Vast quantities of data generated are utilised to garner crucial insights leading to more tailored customer experiences and improved efficiencies.

With data access and sharing, however, comes the dilemma of privacy. Recent research released by Altimeter revealed how concerns regarding privacy topped the charts on the list of worries people had when it came to connected devices in the IoT. Consumers are increasingly expressing concerns over the visibility of their data and who exactly has access.

As such, organisations need to effectively implement regulatory and company policies across all smart devices. Furthermore, they must obtain and apply consumer preference and consent details as data is shared with partners across the wider IoT environment. Most importantly, businesses must have the technology available to adequately secure, manage and responsibly utilise user data without violating privacy.

It requires more than simply adding security capabilities to existing employee IAM systems if the current challenges are to be truly addressed. While based on the same principles, identity management for the IoT creates new challenges compared to customer identity or workforce management. Organisations require an IoT IdM solution that can provide the following key security capabilities:

  • Relationships – Relationships between entities and users are essential, and must be monitored over their full lifecycle.
  • Adaptive authentication and policy-based data access governance – Helps in establishing finely tuned, contextual control.
  • End-to-end encryption – Ensures data is secured at the network and the device, as well as everywhere else along its journey.
  • Extreme scale, performance and availability – Reliably handles the massive volumes of data the IoT generates.
  • Full-featured privacy, preference and consent management – Fully ensures users can control their IoT experiences.

Aside from the necessity of protecting user data through effectively securing devices, there is a genuine opportunity to create new methods of authenticating users via the devices in the IoT. Two- and multi-factor authentication methods used on our smartphones provide an early example of this trend. The smartphone makes a strong authentication device because, for most users, it is always in their possession and so easily accessible. Being tightly bound to a user is arguably even more true of the emerging class of wearables used to monitor people’s fitness, sleep and other personal metrics.

Security is simply too important to be treated as an afterthought in the IoT. If security features are added on like an extra coating of paint to existing identity management solutions, important capabilities will likely be missed. Securing identity data for IoT environments is complex, so it must be an underlying part of the IAM infrastructure. We’ve only just scratched the surface of the IoT. To realise its full potential, we need to make sure to get its security right from the beginning.
