Addressing IoT security risks to pave the way for innovation

May 28, 2015 12:00:00 AM

To-Increase-Corporate-Pic-18-1-1

The internet of things (IoT) is growing so quickly and in so many directions that it might be too easy for companies to overlook legitimate concerns about the security of data, devices, and services. So far, there is no single, universally accepted standard to define IoT security. However, solid best-practice guidance is available from the industry leaders. As you prepare and deepen your IoT involvement, your innovation and revenue planning needs to go hand-in-hand with designing and implementing effective security features in your IoT offerings.

Finding the right balance of connectedness, information-sharing, and security

During the fourth industrial revolution, traditional boundaries between companies and industries will give way to greater openness. Today already, when customers discuss with me, for instance, how the IoT could help them improve the performance of their machinery by providing them and their equipment vendor with performance data, most of them are very open to the increased porousness of organizational thresholds that comes with that—as long as there is a practical benefit from such extensive information-sharing.

Nonetheless, companies need to address the risk that comes with increased exposure of business data across organizations and networks. Analysts at Gartner caution that many companies are not taking IoT security seriously enough and instead give priority to usability and short time-to-market. Recently, the Federal Trade Commission in the U.S. offered guidance for IoT security in the consumer realm. It remains to be seen whether a combination of industry initiatives and regulation can result in strong security protocols that can keep the data flows in systems of systems [link to first blog post in this series] going while maintaining the integrity of the data exchanged.

The need to overcome security compromises

Among the main IoT risks identified by experts, unauthorized information disclosure and network bandwidth problems figure prominently. IDC forecasts state that 90 percent of all IT networks in the world will over the next two years experience a security breach that exploits IoT-connected devices. Also according to IDC, half of the world’s IT networks that today have excess bandwidth to handle additional data and devices in the IoT will have exhausted that capacity. Close to 10 percent of them will be overwhelmed by IoT data traffic. A study by HP found, among other results, that 70 percent of IoT devices used unencrypted network services and the same number failed, along with their cloud and mobile application components, to identify valid user accounts through account enumeration. 80 percent of the IoT devices did not require secure passwords of sufficient length and complexity. As Microsoft’s Tim Rains, Chief Security Advisor of the Worldwide Cybersecurity and Data Protection group points out, additional challenges include manufacturers’ ability to make updates and change configurations of IoT sensors in response to security shortcomings and attacks. What’s more, some of the IoT devices that have already been distributed have poor security capabilities or are used in scenarios that overtax their security features.

Io T Security

Creating IoT security standards and accountabilities

As the IoT in some ways echoes the history of the internet, several security standards and initiatives for the IoT currently exist. They include the Open Interconnect Consortium, the Industrial Internet Consortium, AllJoyn, and Thread. In so far as each of these is driven by a single company or a handful of companies with their agenda and competitive interests, they are also limited, because they are far from encompassing a majority of the IoT providers and their offerings.

In response to IoT-related security challenges, companies need to update their data protection and policies. For some organizations, this may entail that they will define for the first time the role of a chief information security officer and provide it with budget and the ability to take action. As security experts have explained, IoT security is highly complex and involves several layers, from manufacturing of the sensors and devices, through distribution, to their use in businesses or households, each of them with its own security requirements.

Data lifecycle integrity planning

If you are ready to make the IoT part of your business model, you need to plan carefully to ensure the integrity of data, devices, and cloud services. Microsoft IoT guidance and best practices emphasize that devices, software, and services need to ensure appropriate security and privacy of data throughout the lifecycle of IoT devices, and offers its Security Development Lifecycle as a blueprint. IoT devices and services need the most advanced encryption protocols; simpler IoT devices that cannot perform their own encryption could be connected to an encrypting intermediary device before their data is broadcast. IoT devices also need to have the ability to receive security updates reliably and automatically, with minimal administrator assistance.

What are your security concerns related to the IoT, and how are you planning to address them? I would appreciating hearing about your ideas and concerns. Get in touch with me or contact To-Increase

 

Do you want to get started today? Start your transformation into the cloud today with our free whitepaper. 

Download The Whitepaper

 

Share this message
About Author
Luciano Cunha

Luciano Cunha

Chief Executive Officer (CEO) For Luciano, being responsible for To-Increase’s global sales and marketing means unleashing the company’s insight, innovation, and creativity to tell our story and help customers achieve their goals. On the road much of the time, he travels the world to meet with customers, understand their challenges and ambitions, and find the most effective ways to help them advance. Luciano develops and mentors our marketing and sales team, and creates strategies to help the To-Increase worldwide partner channel thrive and grow.
Making Customer Needs the Main Business Driver Luciano and his team have daily conversations with the To-Increase research and development organization to bring customers’ requirements and concerns into the road maps and design of our solutions. Luciano brings his insight to the marketing group to make sure the company’s communications resonate with customers and speak directly to their experience.
“I’m awed by customers’ innovative spirit in taking business management technology past its limits and by their generosity in letting us participate and empower them. I hope to transform our organization to become even more customer-centric than we are today. That means making more resources available to spend productive time with both our customers and partners, so we can ensure that we place into customer businesses effective solutions that fit the evolutionary stage of their operation and the way their people and processes work.”
Empowering a Global Channel
Because To-Increase only sells through partners, readying the channel to be successful in helping customers is a business-critical effort. Luciano aims to meet partners where their interests are. Partners who consider the relationship with To-Increase strategic can rely on our industry specialists to work with them as they plan their growth and serve customers. If partners prefer a less collaborative relationship, they still receive the rich To-Increase expertise and resources to ensure they win the business, perform a successful deployment, and retain a satisfied customer. In working with partners and their customers, Luciano brings to bear his experience of many years of creating successful, customer-focused business development and marketing strategies in many of the world’s countries and regions.
Enabling Customer Success in Challenging Business Environments
Looking into the near future, Luciano expects that customers will continue to expect To-Increase to help them make business sense of unfolding trends and technologies. For example, the internet of things (IoT) will thoroughly revolutionize manufacturing, engineering, and supply chains. Big data will be meaningful and valuable when decision-makers can use technology solutions to transform it into actionable business intelligence that supports key roles and business processes. Mobility will help companies become digital enterprises and move business processes forward from any location, at any time. Team To-Increase harnesses innovation to help customers translate the promise of these technologies into business results.
Before his current role, Luciano for several years was one of To-Increase’s global industry directors, responsible for our industry solutions. His experience also spans more than 17 years in IT and manufacturing management roles. These positions took him into various areas at IBM Brazil, serving as product manager for several software development companies, and included working in senior management at a manufacturing organization in the U.S.
Luciano is married with two young children. Away from work, he enjoys participating in a soccer class together with his son and daughter as well as taking relaxing walks in natural environments with his family.

Get In Touch

Related Blogs

Feb 28, 2019 10:59:50 AM
Jul 28, 2016 3:00:53 PM
Sep 23, 2015 8:53:35 AM