Archived content

NOTE: this is an archived page and the content is likely to be out of date.

Security for Internet of Things

All the forecasts are clear: the IoT market is growing fast. But one thing is far less clear.

If the mobile wave extended the internet into people’s everyday lives, the IoT extends it into the physical world around us.

A conservative estimate indicates there will be 50 billion connected things in the world by 2020¹. The IoT enables us to overlay information anywhere in the physical world - whether that is a water pipeline, a moving car or a pair of shoes. We are only seeing the tip of the iceberg. A BI Intelligence report puts the figure at 34 billion by the same date² . Whichever statistic turns out to be accurate, everyone can see that the market is increasing at a rapid rate. But few people are talking about the parallel increase in security risks for enterprises that may rely on IoT.

So how best to secure IoT?

Security breaches have proved costly. Yet IoT devices are relatively cheap. They are new phenomena too and are emerging at a time of major change in the security landscape. Data protection laws – including GDPR – will impact the IT security of almost every company in Europe. But it is important to remember that securing IoT is based on the same principles of securing any other kind of IT. So it’s worth revisiting them here:

1. Take a lifecycle approach

Secure for Internet Lifecycle Risk assessments are required right at the outset so you can see the security controls needed into the future. Being able to flex controls as business requirements change also means committing to continual risk management. As a result, IoT will require investment in the security measures to protect the devices and data. Perhaps the first step is to ask yourself whether you actually need IoT devices. If you do, and conclude that investment based on the security risks are justified, then what is your best approach? Would you choose patch upgrades for life or spend on reissues when the in-built security becomes obsolete?

2. Profile your devices

Secure for Internet Profile Being clear on the type of IoT devices you manage can help you manage your risks and your costs.

For example:

‘Household devices’ —These simply send and/or receive data related to a dedicated activity and may be simple or cheap to replace.
‘Industrial devices’ —These are relied on to manage remote sites more efficiently and are often linked to central controls. Because they are responsible for multiple data sources or sensitive information the level of security may need to be higher.
‘Smart city connections’—These form a nebula of hard IoT (e.g. traffic controls), autonomous devices that enter and leave the city boundary (e.g. connected cars), and utility plant. As such,organizations must decide what role their devices play and choose appropriate security controls.

3. Look at your interconnections

Secure for Internet Interconnection Bottom line, how do you secure the ways IoT devices connect to your enterprise?

Are measures in place to secure the comms from each device to the center?
Do devices rely on insecure connections over unprotected networks and are you paying to monitor these?
What about the security of the web apps and cloud connections each device relies upon?
What does the software do and does it have a more important role elsewhere?

What does this mean for your organization?

Considering IoT in context is important. It is one of the new areas of IT in which the perimeters can continually change—just as when a connected car passes through a smart city. So security must be flexible enough to respond.

Most importantly, IoT is fast becoming essential to business operations. As such it has become part of the overall IT infrastructure. So it needs to be treated as such. Security is a good place to start.

1 https://www.fujitsu.com/global/documents/vision/download-center/FTSV2016_Book1_2_EN-1.pdf

2 http://uk.businessinsider.com/internet-of-everything-2015-bi-2014-12?r=US&IR=T

Top of Page