Internet of Things is a phenomenon that raises more questions than answers. Although the idea of having devices interconnected and almost intelligent is attractive, most experts admit the existence of multiple risks in the area. Security risks are under the most serious investigation.
The society is learning by its mistakes and doesn’t allow itself to immerse completely into something that hasn’t been fully studied and regulated. It’s necessary now to see the situation as clearly as possible to eliminate the flaws. Engineers who manufacture IoT devices aren’t necessarily network security experts. Thus they can’t be blamed that they might leave security gaps behind.
Auth0 has conducted a survey recently that reveals existing lack of confidence in the security of the Internet of Things. According to the research more than 52% of consumers and about 85% of experts don’t think the technology is secure. Auth0 mentions frequent data breaches occurring in large companies which automatically puts reliability and security at the top of customers’ priorities.
“According to developers we surveyed, one reason for this distrust is because IoT devices are often pushed to market too quickly, forcing developers to cut corners. When asked if they’ve ever felt pressured to rush an application to market despite security concerns, over 85 percent of developers admitted that they had.”
The problem of security is not only identified – developers do their best to solve it. In September Boston hosted the IoT Security 2015 conference where most daunting security challenges were discussed. Some of the useful ideas include:
- Context-aware security, new gateways, and middleware are three measures that can help facilitate the “chain of trust” necessary to support IoT.
- All smart devices can be manufactured with factory wipe options and “good processes” to transition smart products like cars and homes to new owners can be developed.
- Creation of a new class of performance metrics that focus on resiliency, for example, Mean Time Between Recovery versus Mean Time Between Failure.
- Provision of manufacturer-provided security subscription services.
Experts agree that encryption of information is the best possible way for on-device protection. The solution is used by many companies including Apple and Microsoft, which are implementing default disk encryption on their new mobile operating systems.
Jen Martinson, editor-in-chief of Secure Thoughts, summarized: “The Internet of Things is a complex idea and organism, constantly evolving to both its own needs and the needs of consumers. As such, to provide hard and fast security rules would be similar to knowing the workings of a biological creature.”
The Internet of Things attracts substantial funds from the world’s largest companies. Several months ago Microsoft presented its Windows 10 IoT Core. In a nutshell, the Windows 10 IoT Core operating system is about apps for embedded devices used through the Windows ecosystem. Microsoft says IoT Core is designed to have a low barrier for entry and make it easy to build professional devices, and works with a variety of open source languages.