The Internet of Things and the Emerging Security Questions
If there’s one negative trend that has emerged in unison with life-simplifying technology, it’s that we are more relaxed about who else has access to it.
And so, with the recent outbreak of panic among web users affected (and potentially affected) by the SSL bug Heartbleed, earlier online security questions seem to have been reopened. As the corporate world runs towards the cloud adoption and consumers become increasingly mobile, general web security loopholes become a more important topic.
Data is being massively created online, which raises more than one question about the future of such a hyper-connected and internet-dependent world. An important trend in the cyber space is the explosion of data triggered by the development of the Internet of Things (IoT). Billions of users access digital content from all parts of the world on different platforms, requiring enhanced network performance, along with corresponding security and privacy measures. Personal data is transferred not only through PCs and laptops, but through a variety of mobile devices and even home appliances that power smart houses, cars, etc.
All this threatens to create an astonishingly complex network of objects interacting with each other via the web, requiring new security standards and enhanced measures of protection. The 2012 IDC report suggested that “the proportion of data in the digital universe that requires protection is growing faster than the digital universe itself, from less than a third in 2010 to more than 40% in 2020.”
Therefore, reaching a fully secure environment on the Internet is only going to get harder, if not impossible, which is partly confirmed by the Heartbleed’s devastation of the OpenSSL. Paradoxically, however, as many security experts have pointed out, many mobile devices weren’t affected by the bug because they weren’t encrypted in the first place. Yet, as the abundance of devices enters our personal and professional lives, the questions of security and privacy are definitely getting more striking.
Securing the corporate IoT
Whereas technology development generally follows the pace of users’ demands, security standards significantly lag behind it. In a complex and rapidly changing digital world of the IoT, security and privacy measures need to be implemented on various levels. At the same time, one’s complete safety becomes a responsibility of multiple parties: end-users, internet providers, security software developers, etc. This is especially important for large enterprises, where data protection is the key priority.
When discussing the IoT implementations in corporate settings, ZDNet’s Ken Hess suggests five levels at which specific security measures need to be implemented:
- Device
- Network
- Server
- Data
- Operating system
Within the corporate IoT, introducing rock-solid protection on all these levels is by no means an easy task for system admins. This is mostly due to the fact that, even with the strongest standards, it remains difficult to monitor all the employees’ devices and data transferred through them. However, corporate IoT is not the only vulnerable area.
Consumers should be worried, too.
Although the general security paranoia doesn’t as much apply to the consumer market, there are still many reasons why even individuals should start thinking more about their online behavior. With the increase of devices and internet access points, the possibilities of malicious activities on the web can only increase and this is certainly an alarming fact. Just think about all the payments an average internet user makes via the web, and all the possible ways for hackers to intersect these transfers or take over his or her credit card details.
Moreover, as we get used to doing our everyday activities via the web, we keep demanding better accessibility and a larger number of automated functions around us. One example of this trend is the growth of the home automation market and the emergence of smart house appliances, which again may be one of the next major targets for hackers. Kashmir Hill discusses potential problems in relation to security of smart homes in an interesting Forbes article. Here, a question of privacy gets even more interesting, encouraging everyone to ask the question: How long before this trend leads to another major security or privacy breach?
People who care
On the bright side, raising awareness of the potential threats has led major web security companies to dedicate their work to securing the IoT. McAfee has recently announced their plans for building a safer IoT of the future, which is an undertaking Intel has also set as their focus. Both companies seem to have realized the importance of providing solutions that would enable both users and companies to have peace of mind next time they connect any of their devices to the Internet.
The primary goal, of course, is to enable smooth adoption of the latest technologies in any settings and eliminate the security issue as one of the major impediments to progress. Hopefully, in a couple of years we’ll get to see the results of their efforts, but the very fact they are working on this issue may be enough to keep us optimistic about the future of the world wide web.
Next steps
Considering the points outlined above, it seems that securing the IoT is becoming a burning issue for both users and service providers. Perhaps Heartbleed has made it clear to end-users that their personal password policies do matter and, hopefully after this, we’ll all develop much healthier practices in this respect.
As for the service providers, they need to invest more energy into satisfying the increasingly security-aware consumers and implement measures expected on their side. This way, all of us can jointly contribute to creating a much happier cyberspace even though no one could ever offer a 100% security guarantee.