The Internet of Things (IoT) is already revolutionising consumers’ lives. Smart meters and thermostats are reducing energy bills while wearable technologies are helping to make us healthier. But, for IoT to truly take off, Sean Lorenz at LogMeIn believes the industry needs to allay consumer fears about security.
A recent study by KPMG found that 62% of consumers in the UK believe that businesses were not showing enough concern for privacy and security, while 70%t believed that it’s too easy for things to go wrong in our hyper-connected world.
No doubt these fears are being fuelled by high profile stories of connected devices being hacked or not configured properly, resulting in data being compromised. Organisations looking to manufacture connected products need to make security their number one priority, ensuring that what they’re putting on the market is resilient and robustly protects its owners.
This was a point made by the head of the US’s Federal Trade Commission, Edith Ramirez, at this year’s CES event in Las Vegas. Ramirez told delegates that IoT products should not damage the well-being of consumers and that connected products should have robust security built in.
Unfortunately, many traditional manufacturing companies are not geared up to do this. They might be great at designing and making their products, but they simply don’t have the expertise to ensure the security of those devices once they’re connected to the web.
Data is the biggest challenge
With IoT, the amount of information captured about our lives is unprecedented. Businesses looking to retrieve and store data from connected devices need to ensure that it’s kept safe, otherwise they will come across as the perpetrator, rather than another victim, in the event of data theft.
Our data not only needs protecting, but companies also need to be transparent about how they’re using it. For example, what many people don’t realise is that most ‘free’ apps aren’t free at all; it’s just that the provider is capturing and using our data as payment. This needs to change and companies need to let consumers know what they’re doing with their information.
Identity and access
Closely connected to the idea of data use are identity and access, which are at the heart of privacy and security. It’s no longer just you that interacts with a device but any number of people including installers, vendors, or building managers. Consumers will want assurances that their devices and associated networks have authentication protocols in place to guarantee that only those with permission can access them.
While you can have central defence boxes in and out of the network, like those offered by BitDefender, manufacturers still need to ensure the integrity of their products. As such, make sure you have two levels of interception. By all means have a defence box, but the device needs its own security as the user is not always going to connect the device through their home router.
Security tests
When looking to create a connected product, manufacturers need to think about best practice security tests for ‘the board’, on ‘the wire’ and in ‘the cloud’. If you can secure things in these three key target areas, you are closing those security loopholes.
- The board – consider the security of the physical device, for example, can anyone tamper with it?
- The wire – how are messages securely encrypted while in transit over-the-wire?
- The cloud – what authentication and identification procedures are in place and who has access?
Sean Lorenz is technical product manager for Xively at LogMeIn. He helps drive the Xively Internet of Thingsplatform roadmap and works closely with customers to understand how connected products and operations can help transform their businesses.
