These are exciting times. Rapid digitization is heralding an Internet of Things- (IoT-) driven future with vibrant possibilities impacting lifestyles, productivity, and the larger operational matrix.
IoT promises to be the single largest game-changer with analysts predicting 200+ billion connected devices by 2020 (Source: IDC), enabling enormous opportunities even as the market prepares for an IoT economy.
Clearly the data influx will be voluminous — according to another estimate by IDC, there may be 44 ZB (1 ZB=1021 bytes) of data by 2020.
IDC also predicts that “by 2019, at least 40% of IoT created data will be stored, processed and acted upon close to, or at the edge of the network,” signalling changes not only in the architecture but the overall ecosystem.
Given the range of this connectivity and its sheer reach and potential, there a few complex roadblocks.
Security professionals (teams) around the world are actively considering the threat that is posed by exposing this digital data and controls (ranging across biometrics, financial information, personal data on Facebook, Twitter, enterprise data, strategies, healthcare data, and even the data from your personal and everyday usage devices) through the enablement of identity and access management. Financial loss – and possible threats to lives and livelihoods is a critical area.
For instance, vulnerabilities have been found in baby monitors, pacemakers, drug pumps, cars, wearables, SCADA systems, and firmware in personal devices.
What is also important to understand is that most of these traditional manufacturers are not completely in-sync with the emerging tech; they are, however, rapidly imbibing these innovations. Consequently, security will become an area of concern, emphasizing the need for identity and access management.
It is expected that the vendors would add “connectivity” and “(some form of) insights” feature going forward by default — leaving its efficacy to the users. But this also leaves room for another complexity: attack vectors could increase exponentially, control measures would also reduce at the same pace, unless immediately addressed by identity and access management.
Here are some of our ideas towards securing IoT:
- Dynamic and risk-based analysis combined with analytics — based on environment data or behavioural patterns
- Identity and access management reconfiguration — a new paradigm of user education and practical training to mitigate the terrain
- Authorization mapping as per unique business needs — a completely new look at asset registers and databases for security and agility
- “Connected silos” approach — ascertaining the extent of damage that the smallest breach or vulnerability can bring about
- Collaborative approach with ample window for change — an underlying infrastructure free of any rigid approaches
- New ecosystem and alliances — to provide security at the foundation/design level
- Comprehensive lifecycle overhaul — future IoT models may require a fresh and refurbished operational blueprint
- Manage expectations – accept IoT complexities around layered security, defence, resilient codes towards working together
- Align threats to individual business issues and risk tolerance — reverse engineer across all professional/personal aspects.
- Updation of audit mechanisms, certifications and privacy laws — and stay abreast of arising trust, privacy and interference norms
Lastly, understanding the direction of the threat landscape would be critical to keep pace (if not one step ahead) with future dissonances. Outmoded techniques must be disposed since this a matter of urgent and pressing importance. Remember, ‘Shutting down the pacemaker just because someone can hack it’ is a grave travesty.