Story image

The Internet of Things will fail if security has no context

25 Nov 2015

Article by John Donovan, ForgeRock Regional Vice President for Australia, New Zealand and ASEAN.

​Analysts at IDC predict IoT spending will exceed US$7.3 trillion by 2017. While all this is great for improving the consumer experience, a dark shadow lurks behind it all: concerns about privacy and security. 

Identifying who’s who and what’s what has never been so complex. It’s not just about protecting IoT devices but the entire ecosystem, from the customer to the partner, the web page, the mobile device, the mobile app, the cloud and everything else in between.

Static and portable devices need to communicate with each other, and human-to-machine and machine-to-machine identification and interaction must be taken into account.

Without the right model in place, your organisation could be at risk of making your data - and your customers’ data - openly available to cyber attacks.

The IoT requires a new way of thinking and acting, one that will protect a business and help it grow.  To ensure security in the era of IoT, consider the following recommendations:

1. Think security: IT needs to authenticate customers outside the firewall. Users may want to access systems via multiple devices, and they will expect a user experience that is tailored to how, when, and where they access services.

2. Think ecosystem: Trying to duct-tape security architecture together or protect access on a device-by-device basis is not going to work effectively - or even at all. A single platform that unifies the entire ecosystem will provide a simple, repeatable way to protect a growing number of devices.                                                                                        

3. Think flexibility: Building a platform that supports and unifies the entire ecosystem is challenging enough, but you also need to keep the future in mind. Businesses need to support new services, new devices, and new infrastructure on the back end. Open source gives IT a platform it can build on and customise, while open standards offer the flexibility to adapt to future needs in a very standardised manner.                                                           

4. Think monetisation: How do enterprises protect data they can’t see as it’s communicated between IoT devices and other parts of the ecosystem? Ensuring data is encrypted and authenticated is important.

However, it’s also important to understand the relationship between different parts of the ecosystem. Knowing who accesses data and how, where, and when they access it are just a few of the factors that can help ensure proper security.

This knowledge helps you verify the user is legitimate and that current behavior is consistent with past behavior. Because organisations collect all this information, businesses now have a platform they can leverage to better understand and serve the needs of their customers and to provide up-sell opportunities that generate new revenue streams.

No doubt, the IoT will spawn all kinds of new companies and brands in the years ahead. Yet for existing businesses, the time to start formulating strategies to compete and win in the IoT age is today.

According to a recent Gartner report, CEOs list “growth” among their top three business priorities and are investing heavily in their digital businesses to achieve this goal – this is as it should be. IoT will surely play a significant role in achieving this growth, but if it is implemented without proper security, CEOs will fail before they have a chance to succeed.

To find out more about Connecting Customers to the Internet of Things, click here.

Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.