The Internet of Things (IoT) has radically changed the way many enterprises think about connectivity. With devices that can "talk" to each other across geographical and cultural barriers, companies have faster and more reliable access to real-time data than ever before. But with great connectivity comes great security concerns. SearchManufacturingERP.com site editor Brenda Cole sat down with Rob Black, director of platform product management at Axeda, to discuss the importance of IoT security.
Have you seen any changes in the way IoT is being approached over the past year?
Rob Black: Security requires continuous improvement. The threat environment has changed, so it's important to be diligent around patching any known vulnerabilities. There's a lot of reliance on third-party software, and issues come up from time to time; for instance, the Heartbleed OpenSSL issue came up recently. So, a lot of [IoT security] now has to do with the everyday blocking and tackling of threats.
How can IoT-connected companies train their employees to understand IoT security issues?
Black: There are seven components of IoT security -- device, communication inside the firewall, communication outside the firewall, cloud operations, cloud platforms, cloud applications and cloud development. Device is a rather large category; it's about developing on the device, managing the device and securing the device.
A lot of the time, [IoT providers] can only do so much to help with IoT security. It's really up to the customer to know the applications of their IoT. The person who controls the device is the one [who] operationally has the ultimate security, saying the right permissions and locking things down appropriately.
How educated do you think the average user is when it comes to IoT security?
Black: Many large enterprise customers are extremely sophisticated. Others might not necessarily understand the security piece, but they understand regulators coming to them and what needs to be done to meet those requirements. Then, of course, you have some customers who just don't understand security. But then it's the job of IoT providers to help them become more knowledgeable and give them the tools needed to improve security.
Manufacturers, depending on the industry, can be very security-conscious -- manufacturers involved with healthcare, for example. They face a lot of industry requirements and regulation requirements around production and shipping.
When it comes to starting new IoT projects, get the security department involved early, explain the architecture to them and what you're trying to accomplish, and if there are any concerns, help to resolve those.
Which verticals have embraced IoT technology the most?
Black: For product manufacturers, especially those with valuable machines, downtime can by very bad. Being able to offer additional services is a positive for them and their customers, so they've really embraced IoT. There are a lot of questions in the industry around when IoT is coming, but from our perspective, it's here.
What is the worst-case scenario that could result from an IoT security failure?
Black: If you have a vulnerability on thousands of machines and you don't have the right security processes and procedures in place, that can be catastrophic. You can't walk over to a thousand machines with a USB cable and plug it in. That's actually where IoT can help solve problems, where if you use a software management solution and push out a patch to thousands of devices, you can have things remediated in hours or days, not years.
I think that because of the security concerns around IoT, people in some sectors will realize that you have to have a connected device in order to manage things appropriately.
Are IoT security-related dangers overhyped at all?
More on IoT
Find an introduction to IoT technology
Learn about cloud's role in IoT
Black: It's both overrated and underrated. A lot of the stuff that you hear that is sensationalized on television -- like with Homeland trying to assassinate the vice president through his pacemaker -- are probably not something that everyday citizens have to worry about. But there is a prevalence of machines in our lives and some very bad people in this world. Think about all the things that are machine-critical and run on electrical grids. One event could be really bad. I think a certain level of diligence is warranted, but worrying every time a vulnerability is exposed is probably not the right thing to do. You certainly want to close those vulnerabilities, but the worry around it is probably not warranted.
You hear a lot about the negatives [of IoT], but there are so many positives. If you have mission-critical software and you're able to update it right away, fix problems and allow for additional services, then those productivity gains are extremely valuable. Even if some incidences do occur, you have to take the good with the bad.
What are the most important things to remember when deploying IoT?
Black: The number one thing is to make sure you have executive buy-in. The reality is that IoT is going to touch every aspect of your business -- IT, security, operations, customer support, etc. If you don't have senior management saying, 'Yes, this is an important initiative,' you're probably going to have some challenges getting the project off the ground.
Next, get your connectivity strategy in place as quickly as possible, because oftentimes if you're manufacturing a product and you need to ship it out, there's work to be done beforehand when it comes to embedding the chips and software. There can be a long lead time involved with that.
Finally, dedicate personnel to IoT. Just having some guy whose part-time job is to manage connectivity is probably not the best way to drive success.
Follow SearchManufacturingERP on Twitter @ManufacturingTT.