The IoT: Time to Get it Right - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Data Management // IoT
08:00 AM

The IoT: Time to Get it Right

The Internet of Things security issues seem close to creating panic in the streets. So, maybe It's time to do IoT security the right way, baked in.

Somehow the Internet of Things has gone from being a miracle drug for every business, energy, security, transportation, and residential problem to The Plague.

In some dreams, the IoT was the cure-all that would give us everything we wanted to know about a customer based on their shopping pattern, their home activities, and their travels. Those same dreams presented the IoT as the ultimate in an operational efficiency tool for businesses.

Credit: Pixabay
Credit: Pixabay

Are those dreams dashed now that IoT devices have been blamed for the recent distributed denial of service (DDOS) attack on Internet management company Dyn? That attack brought down a lot of websites, particularly in the eastern United States. Maybe it was a sign of a pending return of the Black Death seven centuries later.

Or maybe the IoT needs be to be judged in the same way that pro athletes are evaluated: Not really as good as they are on their best days, and not as bad as they are on their worst.

We will be looking more closely at the IoT throughout November.

However, the analyses of the Dyn incident raised some points that are important to keep in mind as we go through this first week of November with our All Analytics Academy program Data Privacy for All, for You.

The Internet traffic that overwhelmed Dyn often came from relatively low-cost consumer devices that were easily targeted with the malware that joined the attack. They didn't have what some call "baked-in security," protection designed in from the start. If you entrust your home, your business, even your family to something like a $100 security system, you get what you pay for.

Security company Forescout has an interesting paper that details the vulnerabilities of seven common IoT devices. In most cases the vulnerabilities turn out to be pretty apparent, and could be fixed with a little extra work at the design phase: flaws such as weak or non-existent credentials or a lack of encryption on IP-connected security cameras.

This "baked-in security" goes hand-in-hand with our A2 Academy session scheduled for Thursday, when Greg Reber of AsTech Consulting will present best practices in "baked-in privacy". (The Academy program opens today with a presentation on customer privacy by Sagi Leiserov of Ernst and Young). You see, all of those IoT devices that could be used to launch a DDOS attack also could be feeding your private information to someone with evil intents. That information could be your company secrets, personal data about employees, or the financial data of customers.

Greg Reber
Greg Reber

One thing we know about baked-in security or privacy is that it makes sense. It's exactly what we wish the folks at Microsoft had done with Windows many years ago, and what we want from mobile apps, corporate devices, and home automation technologies.

Common sense says that we should have baked-in security, but dollars and cents say that we don't. As tech buyers we are as guilty as those companies that build or sell technology. Whether we are buying for ourselves or a giant enterprise, we want technology to be cheap, easy to use, and available now.

Our rush to buy, our distaste for measures like complicated authentication, and our penny pinching justify our tech suppliers' attitude of "just get it to market".

The sad part about what is happening right now with the IoT is that we've known from the start that the IoT presented an opportunity to do it right. We had a chance to redesign networks, build in authentication, and isolate unrelated devices and applications from each other. Instead, we get to wonder who can see what that security camera sees, and where that retail store beacon data really is going.

Maybe it's not too late to tighten up IoT security, to do it right from the start. Lets get off on the right foot by heeding the advice that Greg Reber shares in the A2 Academy on Thursday. Remember, cheap, easy, and available is no way to go through life.


We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
2021 State of ITOps and SecOps Report
2021 State of ITOps and SecOps Report
This new report from InformationWeek explores what we've learned over the past year, critical trends around ITOps and SecOps, and where leaders are focusing their time and efforts to support a growing digital economy. Download it today!
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll