Are your programmers equipped to mitigate IoT security risk?
Are regular programmers who are now getting into IoT trained or even aware of the security risks and how to mitigate them? Read on to find out.
Designing secure IoT products requires multiple skills. The main obstacle here is the shortage of experienced security experts and fragmented security solutions which involve a number of vendors.
Why is IoT security different?
Conventional security solutions focus on perimeter network defense. UTM, IPS, IDS and authentication solutions prevent, detect and monitor threats coming over the network. But they prove to be inept at protecting against IoT-related attacks.
IoT threats gain enterprise access mostly through the broader RF spectrum. Any device that is enabled by Bluetooth, NFC, RFID, Z-Wave, ZigBee or 2G/3G/4G protocols and connected to the enterprise presents a threat.
Lack of Experience
The potential risks in securing an IoT device are significantly higher than with conventional stationary computers. Designing a secure IoT product requires a bundle of skills that covers the app, the device, the infrastructure and the entire communication channel. The experienced, specialized security experts needed to create a secure environment for any IoT framework are in short supply. And even the more experienced experts have to keep up with the rapid tempo of the new digital revolution.
On the other hand, although users of IoT devices normally do care about security, they rarely bother to do anything about it. Consumers who are guided by aggressive marketing campaigns rarely understand how the connectivity option can physically influence their world. Companies should actively try to educate users on how to use their devices safely. One way of doing this is a robust technical support staff: a small group of employees trained to teach customers the best available security practices.
The vendors
The vendors must also address security concerns. At present, there are multiple vendors for IoT security. In the future, this might pose a threat, as it will give hackers multiple entry points. Hackers with disruptive intentions might easily gain access to IoT devices because of the differences between the security layers. On the other hand, a single security system for all IoT devices is highly improbable, as their numbers have already crossed several billions and in no time we will have a trillion devices. The most probable solution at this point seems to be the standardization of security measures. A single authority needs to emerge to form and enforce certain measures that ensure the security of IoT platforms.
Innovations in IoT frameworks are coming to the fore at a very fast pace, so it is naïve to expect that security would be extremely fool-proof at all times. The need right now is to keep changing the security measures and keep them in line with the new innovations. It might be a hard task but, at present, this is what needs to be done to ensure security.
#BringItOn
Founder at TalaSecure | Helping medtech startups comply with FDA and SEC security guidelines | Fix vulnerabilities in days instead of months
8 years ago
Having spearheaded Secure Development Lifecycle efforts in two different companies, I found that it was not good to blame the engineers as much as the management structure for bad security practices. I realized very quickly that if you could demonstrate to an engineer how quickly a piece of software could be hijacked, they would try to do the right thing. Maybe I have a lot more faith in engineers than I should but I do. I think they all want to write good code. Most deadlines are tight and any security fixes get kicked out. Many times engineers are ordered to not disclose code to security teams by the product and program managers.
Results-Driven Full Stack Developer | .NET | Mobile & Web | Azure | Agile Expert
8 years ago
IoT, coding and security should work together, but I don't see programmers doing it all. Programmers might check on security from coding, but I think it has more to do around it.
Head of Delivery | Data-Science | Machine Learning | Hyper-Automation | Freelance
8 years ago
Here one has to adopt an approach which is different than security between device to device. For example... one may group devices based on user, and user access could be controlled and monitored. Firmware for IoT devices needs to ensure no backdoor entry is possible... etc. etc. It's basically a big topic for discussion :-)
Sr. Delivery Leader - Engineering Services
8 years ago
There is a need to come up with security compliance standards and have all connected things certified. This will help in driving more confidence in adopting IoT technology both by enterprises and consumers.