Developments within the Internet of Things (IoT) space are happening at tremendous speed, but the pace of this change creates challenges from a security standpoint.
Recent research from Capgemini Consulting found most organizations are not providing adequate security and privacy safeguards within their IoT products.
Much of this is a result of a lack of specialized security skills, but also glaring inefficiencies within the IoT product development process. Capgemini’s survey found only 48 percent of companies focus on securing their IoT products from the very beginning of product development.
This is potentially disastrous. Given the expanding potential attack base being created by the huge growth in connected devices, security needs to be just as much at the heart of any IoT development as the product’s basic functionalities.
Stopping hackers, and preventing holes from being left in any IoT system, is something that must be thought out from the very beginning. This goes beyond even the system itself, and how it connects devices together and to the cloud. Developers need to think even further ahead. For example, they need to plan how they are going to carry out necessary firmware upgrades down the line in a secure manner.
Ensuring security is woven into the product development should not be too difficult. Security is a customer’s major concern when it comes to IoT, and ensuring they are adequately protected can be key to future sales and revenues. The security solutions are out there, manufacturers just have to make sure they use them.
This is slightly complicated by the fact that, because the industry is still in its early stages, people are still figuring security out. There are so many companies coming up with IoT solutions, that we are yet to have any one-stop security solutions because of the diversity of devices.
This means that what secures one device will not necessarily be sufficient for the next device because it might be completely different. Plus, each device has so many different aspects to it - say Bluetooth, or Wi-Fi, or radio - that they cannot all fold into a solution.
Nonetheless, the solutions are out there, and they must be built into IoT products at the earliest stage. Nordic, for example, has software on its devices that conducts encrypted firmware uploads. Those are starting to emerge for a variety of aspects of IoT devices. So when commencing your top-level design, you need to look at the particular things that should be secured on each device, and make sure they are tackled from the start.
This will obviously depend on what components are involved in each case, on a client-by-client basis. There is no one solution to IoT security, it is different to every device. But ensuring you have in-built the security solutions from the very beginning will ensure it is not an ongoing burden for your company, and will save time and aggravation in the long run.
Don’t get caught unaware. When you start mapping out your product functionality, map out how you propose to deal with security every step of the way, identifying the solutions that work for each particular issue. Your client, and your business, will thank you in the long term.
Other articles in this section
The first thing to know about code reviews is if you think they’re easy, you’re probably terrible at them. But don’t feel bad.
A good user interface is an essential part of great software development. A user interface is the “front-end” that allows the user to easily interact with your software.
IoT can be an amazing enabler for your product, but it’s important to make sure you get the architecture right.
Brian is a life-long software developer who loves to help others succeed. A frequent source for media outlets, such as BBC, Entrepreneur and Bloomberg, Brian also frequently speaks at universities, conferences and the like. His new book, "Unravelling the Internet of Things" will be available soon on Amazon.com.