Importance of IoT Device Security
The term Internet of Things (IoT) means a lot of things to a lot of people. To consumers, it may be about smart refrigerators, and to heating and cooling installers, IoT may mean connected thermostats.
The term has been around a long time, as evidenced by industrial controllers that have been remotely managed for decades. The commonalities are network connectivity and some level of constraint – such as a lack of direct human interaction – which differentiate IoT devices from smartphones and PCs.
The term Internet of Things (IoT) means a lot of things to a lot of people. To consumers, it may be about smart refrigerators, and to heating and cooling installers, IoT may mean connected thermostats.
The term has been around a long time, as evidenced by industrial controllers that have been remotely managed for decades. The commonalities are network connectivity and some level of constraint – such as a lack of direct human interaction – which differentiate IoT devices from smartphones and PCs.
Connected devices are increasingly finding their way into operational environments to solve age-old business problems. Imagine if a jet engine could be monitored with sensors to predict the point of failure to avoid downtime automatically? What is the value of analyzing operational heat and pressure data that exists only in real-time at a utility operator or a plastics manufacturer? Is driver speed behavior information useful for an insurer?
It turns out that data from these IoT sensors and controllers are valuable enough to change entire business models. The phenomenon is nothing less than revolutionary. Usage of data for better business decision making and automation for better efficiencies are enormously valuable – and the basis for business movements such as Industrie 4.0.
Core to the future and success of the IoT is the “security of things.” How do we ensure the integrity of data? How do we ensure that the operational systems being automated are controlled as intended? A lot of hard lessons have been learned during the past few decades in traditional Enterprise IT.
We have already seen what a lack of IoT security leads to: the Mirai Botnet, automotive and health care device recalls, and real industrial damage and risk.
There is some good news. It turns out that a technology that has been with us for about three decades is an ideal solution for securing IoT. PKI, when implemented as a purpose-built offering aimed at IoT device vendors, can provide strong digital identities to IoT devices. Remember how you used to authenticate to your social media account, your ERP systems, and even your PC itself? You probably entered a username and password. But that approach won't work for IoT devices. We need strong cryptographic-based digital identities that enable mutual authentication. In other words, we need IoT devices to know who (and what) they are connecting to and communicating with.
This can seem daunting when you consider that there are hundreds of millions of devices across the IoT ecosystem. Experts expect as many as 50 billion devices to be in active deployment by 2020. So how are enterprises, manufacturers, technology providers, and myriad other stakeholders, going to tackle the security of things at such a huge scale?
I am thrilled to join Sectigo as CTO of IoT, where I will lead a stellar team in further advancing one of the best solutions available today for addressing this challenge: Sectigo’s IoT Manager. View the IoT Manager product video to learn more about our cloud-based purpose-built issuance and management platform that helps secure IoT devices. And, please look out for helpful best practice posts, along with more expert columns from our team in the coming months.