A new survey shows that just one in ten Internet-of-things (IoT) devices has adequate security. Consumer devices are especially bad, too often vulnerable to simple hacking techniques. This is also something we at Nexus also have raised in several forums lately.
This is not a limited issue either. Gartner predicts 21 billion devices will be connected by 2020. Every day tons of new devices are being launched, and the pace will only increase.
But this fast pace is also one of the reasons security is not great. Having pressure to quickly launch IoT-devices means compromises have to be made, and too often security is one of these compromises. We see for instance that security is being added very late in the process of developing a new product.
The late inclusion of security means that the conditions for truly securing the product are less than optimal. Security experts have to work under tight deadlines with many restrictions as the product is near finished. It is time to market versus time to secure the product.
This is serious when you think of the potential consequences. A breached IoT-device could mean access to critical networks and systems. It could be less dramatic, or it could be that hospital or power plant. We need to raise the bar now, before breaches start to impact wider society.
Remember the whole lifespan
Nexus is already working with customers and partners with the “Identities of things”. In this concept we stress the importance of having a professional framework dealing with security for devices during their whole lifespan, not just introduction to market. An often forgotten phase is when an IoT-device is no longer used. More often than you would think there is no policy or process for retracting the identity of that device. No routine to recall the authorizations connected to that device. This means that in the wrong hands, it could be used to access and breach systems and networks.
Some things are starting to change though. Gartner notes that spending on security when it comes to IoT is increasing by almost 24 percent, reaching 348m USD this year. So hopefully this lack of professional security at all stages is a temporary glitch in history.
Internet of things will bring us incredible innovation and productivity. It will change our lives for the better. But only if we take security seriously. So if you are developing IoT-devices, add security from day 1, and have a plan for the whole product lifespan, eliminating access after the device is taken out of use.
We need to take more responsible for the internet of things and we need to do it now.