Internet of Things (IoT) is one of those terms that conjures up a wealth of opportunities, as well as some daunting challenges. Embedded sensors in devices such as cars, kitchen appliances, home security systems, heart monitors, fitness bands, and smart watches can definitely make life easier. But collecting, using, and sharing this kind of information over the Internet can make data security, and even personal safety, an enormous concern.
IDC’s global 2016 survey illustrates both the promise and the growing pains of IoT. For 56% of enterprises, IoT is part of their strategic plans for the next two or three years. But the state of adoption varies widely among industries, with manufacturing, retail, and financial services on the cutting edge, and government, healthcare, and utilities moving more slowly. For these latter industries, complying with regulations is an essential part of adoption.
Because IoT can provide an avenue for hackers to penetrate connected cars, critical infrastructure, and even people's homes, several tech companies are focusing on cyber security in order to secure the privacy and safety of IoT data.
Imagine your car suddenly being taken over and driven remotely. Or your home security system being hacked so that it spies on you and your family. These kinds of possibilities are enough to make consumers think twice about the promise of IoT. They are also opening the eyes of the vendor community to the dangers of connecting products when IoT security is not adequately understood and addressed.
If the great potential of IoT can only be realized when basic security safeguards are in place, what should those safeguards be?
At the most basic level, IoT security must encompass the complete system surrounding an IoT device or connected product. This includes mobile and web apps, servers, databases, and integrations with other systems:
At a macro level, it also includes:
· The ability to address potential security vulnerabilities in IoT devices or applications through patching and security upgrades throughout their lifecycle
· Common industry definitions so consumers know what they are getting as they add IoT to their everyday lives
Because these last two represent such widespread concerns, NTIA is planning to launch a new multi-stakeholder process to support better consumer understanding of IoT products that support security upgrades. The goal will be to promote transparency in how patches or upgrades to IoT devices and applications are deployed, and also to promote a set of common, shared definitions and tools.
These simple steps will go a long way toward making IoT devices and their users more secure:
As we realize the Internet of Things’ enormous potential, let’s give ourselves the best shot at an innovative and secure experience for everyone connected to the IoT world.