Embracing The Internet of Things as well as its Security Challenges (Part 2)

By /

If you would like to be notified when Ricky & Monique Magalhaes release the next part in this article series please sign up to our WindowSecurity.com Real Time Article Update newsletter.

If you would like to read the first part in this article series please go to Embracing The Internet of Things as well as its Security Challenges (Part 1).

The Internet of Things is a fast growing global industry and is infiltrating into our everyday lives. We will be left with little choice but to embrace this evolution in technology but we should also be very aware of the security challenges that are associated with it.

Introduction

There are three areas in particular where the IoT will show pronounced impact. First and foremost, security as well as impacting big data and the cloud.

Security will be hugely impacted. The IoT not only brings with it the amalgamated security issue, combining security surrounding information security, physical security and operational security. Also the sheer numbers of devices involved with the IoT and their varied attributes needs to be managed and secured. All these devices will need to connect to a network as IoT relies on connectively. The network, the device and the people will need to be secured.

The IoT will process huge volumes of data and this data will need to be collected, processed and stored somewhere – in the cloud, be it private, public or both. Data centre traffic will increase substantially and cloud will be representing the majority of the traffic.

The anticipated 50 billion devices by 2020 will generate amounts of data unimaginable and will continue to grow with each new device connected globally. This data will need to be managed, secured and analysed. The impact IoT will have on big data is great and subsequently on analytics advancements to make good use of the data collected.

Driving forces for the IoT development and deployment include:

  • Universal networks (the increasing demands for internet connection on everything)
  • Connected computing (enriched tracking of occurrences taking place daily for improved convenience in our day to day tasks)
  • Universal sensors (the internet of everything and the advancements in the wearable trends and technologies)
  • Intelligence at the boundary of the network (each sensor to be a competent database machine with learning algorithm capabilities)
  • Analytics-as-a-Service (the API and App enables all “things”, as long as it can connect to an API or invoke an App that performs a network-based service, to make or take data driven actions)
  • Marketing mechanisation (the ability to create a network of all information about customers’ locations, purposes, preferences, and buying patterns, to provide useful products and services on demand)
  • Supply Chain Analytics (being able to deliver products when required by IoT monitoring, observing, and anticipating for a product requirement to surface)
  • Advancement in Manufacture:(Improved Automation, robotics, Machine-to-Machine, 3-D printing, advancements in types of analytic analysis)

Microsoft’s Windows 10 for IoT

The new Windows 10 OS for IoT is nearing release. It has been developed in a manner to help address the challenges of security and privacy specific to IoT technology.

Within Windows 10 IoT there will be three classes, mobile devices, small devices and industry devices, all supporting universal apps and drivers. Through this the utilisation options can extend over a large range of deployment possibilities. With the specific OS for IoT, greater integration with cloud services, security and machine-to-machine connectively is possible.

Microsoft have utilised the defence in depth model when developing Windows 10 OS for the IoT application. This approach to security spans the various layers, from the physical environment to the digital device/hardware as well as to the data being processed.

Windows 10 provides a trust model and an extensive variety of secure networking capabilities. This ensures security encompasses the hardware, booting, drivers and applications. Security polices are also enforced.

Azure comprises all the necessary components to support IoT solutions. Azure services for the IoT provides the connectively capabilities needed for data processing, collecting and storage. It accommodates high-speed intake of data in real time as well as being capable of storing raw sensor data for processing. Communications between the cloud and the devices or gateways are accomplished in a secure manner while data privacy is maintained.

With the IoT all layers need to be secured, this includes the OS, the device, the network and the users. All areas of security need to be carefully considered, planned and addressed to be effective.

Consider your approach to security

The manufactures approach to security of IoT

With the lack of a standardised security protocol, manufactures of devices should try to ensure the security fundamentals are addressed well. It may be beneficial to approach security in the following ways.

  • Place emphasis on the importance of security within your company. This can be achieved by creating a culture of security from within. Attain to high standards of security at all times, the levels of security you choose to accept from others as well as the levels of security you provide
  • Build security into your product/service from the design stage, it should not be an after thought but part of your planning and design process. Integrate security best practice from the planning and design stage of the IoT product
  • Embed security throughout design, coding, testing and evaluation
  • Defence in depth, secure your product spanning all the layers
  • Use risk management practices to identify where vulnerabilities may occur when the product is in use
  • Place increased security measure in areas where the risk is potentially higher (a risk-based approach to security) Allocate security resources according to risk levels
  • Utilise good secure development practices, enforced with a rigorous and continuous analysis program
  • Know the data you process (collect, store, utilise). If the consumer data is not a prerequisite of your products functionality then don’t collect it. If you process such data you must ensure it is properly secured
  • Have a data privacy policy in place and be transparent with regards to customer data
  • Refrain from utilising default passwords, encourage changing of passwords as this is a common area for breach
  • Education is very important. Educate on best practice and ensure a knowledgeable team is on hand to support the customer utilising the product and able to assist with managing any issues efficiently

The administrators approach to security of IoT

  • Be sure to address security of connected ‘things’, security of systems and data privacy
  • Secure comprehensively, ‘thing to thing’, ‘service to thing’, and ‘thing to users/people’
  • Rethink network security before deploying IoT
  • Undertake a risk management assessment to determine areas of potential vulnerability when the product is in use and the effects this may have on the business both financial and non financial. Utilise a broader view of the potential threat landscape to secure accordingly
  • A firewall will not suffice to manage the traffic of IoT, instead utilise gateway solutions with protocol filters, policy competencies and functionalities specific to IoT
  • Guard the gateways
  • IT devices and IoT devices should be on completely separate networks to avoid the compromise of one network enabling access to another
  • The degree of network separation should be determined by the sensitivity of the data, a risk assessment should be undertaken to accomplish this
  • Keep abreast with evolving vulnerability evaluations and innovation in security solutions
  • Keep abreast with advancements in standards
  • Ensure your monitoring and intrusion detection is up to scratch. A good understanding of traffic monitoring is crucial to intrusion detection and noticing of any suspicious activity.
  • Have systems in place to protect your data
  • Do not use default passwords, change passwords regularly
  • Educate the employees/users. Ensure everyone follows best practice and that everyone is aware of the vulnerabilities and the policies to follow

Conclusion

As the landscape for the IoT expands so does the surface area for malicious potential. Multiple layers must be protected to ensure business IP, customer data and operational infrastructure remains secure, safe and private.

The impact of IoT particularly on Security, Cloud and Big Data is substantial and these areas will require greater focus.

This is no small feat but one that must be addressed and requires wide-ranging, comprehensive action to achieve.

If you would like to be notified when Ricky & Monique Magalhaes release the next part in this article series please sign up to our WindowSecurity.com Real Time Article Update newsletter.

If you would like to read the first part in this article series please go to Embracing The Internet of Things as well as its Security Challenges (Part 1).

About The Author

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top