Photo: Sharat Sinha
A few years ago, the idea of having home and office appliances connected to a network may have seemed like something straight out of science fiction. Today, however, as technology continues to develop and evolve, this is fast becoming a reality that is increasing in complexity and sophistication.
Commonly referred to as the 'Internet of Things' (IoT), this connectedness is seeing a surge in growth, as everyday appliances are being IP-enabled and connected to the network. Clearly, it is a trend which seems set to continue.
Last month's Internet of Things (IoT) Asia Exhibition and Conference, held in Singapore, reflected the direction local enterprises are moving towards to enhance their competitive advantage, with devices in the IoT used to better address their consumer and/or enterprise needs. But the benefits of IoT, while often cited as significant, have been countered with talks of increased security risks, which could be substantial, particularly in areas such as critical infrastructure, where they become targets for nation states and criminal organisations intent on accessing confidential data and information.
What are the vulnerabilities posed by IoT?
Analyst group Gartner projected that by 2020, the number of IP-enabled devices, not including PCs, tablets and smartphones, will hit 26 billion units globally, while IDC's assessment pegged that number at 212 billion units. These numbers are significant, as each device represents another potential entry-point for hackers to launch targeted attacks on enterprises. With more devices communicating and sharing potentially confidential and sensitive data, coupled with the emergence of unprotected networks, the conclusion is obvious: there will be far more vulnerability points for security breaches.
Secondly, vendors with little or no security expertise are likely to overlook the security aspect of their low-cost IP-enabled devices that can be hooked up to the IoT. Thus, it may not be surprising to find basic security features absent in these devices. Moreover, there are no security standards to conform to in the majority of these devices—each differing in purpose and construction, utilising different operating systems and plugging into different parts of a network or system. As a result, protecting these devices and the communication between them has become a big challenge.
The third major risk is the devices' connection to cloud-based applications and services. New data is constantly being uploaded, processed and deposited in the cloud, bringing the issue on data sovereignty into question. Moreover, data collection is often vague, with little clarity on access control and management, resulting in further complexities to segment and secure these massive volumes of data.
Sign up for Computerworld eNewsletters.