The IoT: Time to Get it Right - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Data Management // IoT
08:00 AM

The IoT: Time to Get it Right

The Internet of Things security issues seem close to creating panic in the streets. So, maybe It's time to do IoT security the right way, baked in.

Somehow the Internet of Things has gone from being a miracle drug for every business, energy, security, transportation, and residential problem to The Plague.

In some dreams, the IoT was the cure-all that would give us everything we wanted to know about a customer based on their shopping pattern, their home activities, and their travels. Those same dreams presented the IoT as the ultimate in an operational efficiency tool for businesses.

Credit: Pixabay
Credit: Pixabay

Are those dreams dashed now that IoT devices have been blamed for the recent distributed denial of service (DDOS) attack on Internet management company Dyn? That attack brought down a lot of websites, particularly in the eastern United States. Maybe it was a sign of a pending return of the Black Death seven centuries later.

Or maybe the IoT needs be to be judged in the same way that pro athletes are evaluated: Not really as good as they are on their best days, and not as bad as they are on their worst.

We will be looking more closely at the IoT throughout November.

However, the analyses of the Dyn incident raised some points that are important to keep in mind as we go through this first week of November with our All Analytics Academy program Data Privacy for All, for You.

The Internet traffic that overwhelmed Dyn often came from relatively low-cost consumer devices that were easily targeted with the malware that joined the attack. They didn't have what some call "baked-in security," protection designed in from the start. If you entrust your home, your business, even your family to something like a $100 security system, you get what you pay for.

Security company Forescout has an interesting paper that details the vulnerabilities of seven common IoT devices. In most cases the vulnerabilities turn out to be pretty apparent, and could be fixed with a little extra work at the design phase: flaws such as weak or non-existent credentials or a lack of encryption on IP-connected security cameras.

This "baked-in security" goes hand-in-hand with our A2 Academy session scheduled for Thursday, when Greg Reber of AsTech Consulting will present best practices in "baked-in privacy". (The Academy program opens today with a presentation on customer privacy by Sagi Leiserov of Ernst and Young). You see, all of those IoT devices that could be used to launch a DDOS attack also could be feeding your private information to someone with evil intents. That information could be your company secrets, personal data about employees, or the financial data of customers.

Greg Reber
Greg Reber

One thing we know about baked-in security or privacy is that it makes sense. It's exactly what we wish the folks at Microsoft had done with Windows many years ago, and what we want from mobile apps, corporate devices, and home automation technologies.

Common sense says that we should have baked-in security, but dollars and cents say that we don't. As tech buyers we are as guilty as those companies that build or sell technology. Whether we are buying for ourselves or a giant enterprise, we want technology to be cheap, easy to use, and available now.

Our rush to buy, our distaste for measures like complicated authentication, and our penny pinching justify our tech suppliers' attitude of "just get it to market".

The sad part about what is happening right now with the IoT is that we've known from the start that the IoT presented an opportunity to do it right. We had a chance to redesign networks, build in authentication, and isolate unrelated devices and applications from each other. Instead, we get to wonder who can see what that security camera sees, and where that retail store beacon data really is going.

Maybe it's not too late to tighten up IoT security, to do it right from the start. Lets get off on the right foot by heeding the advice that Greg Reber shares in the A2 Academy on Thursday. Remember, cheap, easy, and available is no way to go through life.


We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Flash Poll