What you’ll learn:
- Why IoT security is critical across consumer and enterprise markets.
- How to ensure security within your fleet of devices.
MWRF: So, why do we need to be having the conversation about IoT security right now?
Drew: The Internet of Things is reaching human life at so many different touch points, from smartphones, to appliances, even to healthcare tools such as pacemakers. I suspect that the prevalence of recent hacking will only continue. IoT security will become more than a technology problem, and become a cultural one.
Many people would not know unless they sat back and really thought about it, but they likely have somewhere in the vicinity of 10 to 20 connected devices with IP addresses in their homes alone. The same extends to the enterprise, except we are talking in the thousands.
According to Gartner, over 20 billion IoT devices were in use in 2020 alone, and a lack of security means there are far too many vulnerabilities for cybercriminals to pinpoint and exploit our data. Not to mention the recent movement from a legislative level in both the U.K. and U.S. All to say, I think the conversation is validated.
Who is securing these devices?
That is a problem in and of itself. Top line—security is hard. This is an incredibly challenging problem to solve, and right now, we are finding that not enough people are available to do the job or to understand the job from the ground up. There is a growing movement to secure platforms that help with the development, deployment, and maintenance of connected devices in a way that is more standardized—and promotes learning from shared experiences.
New proposed laws have also identified gaps in transparency and frequency when it comes to OTA [over the air] and software support for the lifecycle of connected devices, so this is an area I expect that we’ll see a lot of movement in from an ownership and accountability perspective. OEMs and brands will soon need to be at the forefront of these conversations
What are some tips to ensuring a secure IoT device deployment?
At the very minimum, you need a plan in place when a security breach or hacking does happen. Make a plan, pinpoint the people who know how to address the breach, and fix it.
However, we are learning more and more how crucial it is to adapt from reactive models to more preventative models. Organizations need platforms that encourage and facilitate continuous testing so that its fleet of devices is always up-to-date with the latest bug fixes and security measures. When you do take this preventative method, it is a technology equivalent to setting up another insurance policy for your business.
Often, organizations don’t have this capability in place, having neither the IT bandwidth nor the experts to handle this complex problem. So, I expect we’ll see an increase in partnerships with third-party vendors to support this more preventive, protective model and begin to identify vulnerabilities before they even appear.
How do you work with customers to get them on board with this preventative method?
Well, once we can identify potential issues or concerns that are hiding around corners, that sets everyone up to mitigate issues before they arise. In the end, identifying security risks before they happen delivers a host of benefits for a business and its users—from saving money, to eliminating downtime, to getting to market quicker, to even finding ways to add value on top of already existing products and solutions.
One of the other unsung benefits of this preventative approach (made possible by a more standardized platform approach) is the ability to learn from the sharing of experiences. Similar to approaches that we use for product innovations or application development, this can be brought to security.
Other than person-to-person conversations, what else in the world is bringing security to the forefront of conversations now?
New legislation and laws proposed by both the U.S. and U.K. governments are all the validation this conversation needs. Specifically, the U.K. government recently announced new security laws to protect IoT devices, which was largely a reaction to surges in smart device sales during the pandemic. You do not often think about the security of a device when making these purchases, or for how long the device will be protected and updated to remain secure. This is a huge step in changing this narrative and a positive step forward for our safety and security.
Is there anything else you would like to share on the topic?
Well, I could go on for days, but I think I would really like to hammer home the following: Security is hard. Better systems and platforms need to be in place so that devices are “built secure” before they are a part of our connected lexicon, and this is as much of a cultural shift as a technological one. It will be a challenge, but we must continue to talk about security and bring it to the forefront of business discussions.
If you look how dependent companies and consumers are on IoT and edge technologies—and the tremendous value they deliver—it’s a no-brainer. As this movement continues, security will become a chief element of a brand’s reputation, which will elevate the conversation to where it must reside.
Ian Drew, Chairman at Foundries.io, is a FTSE 50 senior executive and serial entrepreneur within the global technology industry. With a track record of founding and leading successful companies, he specializes in growth and strategy, ecosystem development, international expansion, and M&As. He delivers industry-changing initiatives in areas such as IoT, security, trust, automotive, telecoms, smartphones, and software (both client and server/enterprise).