Internet of Things (IoT) products have notoriously poor security that can be hacked to spy on you or access your data. In one of the largest DDoS attack ever on DNS provider Dyn, the attackers used a botnet through IoT devices including printers, IP cameras, and baby monitors. As more IoT devices hit the market, the chances are good for more frequent and even bigger security breaches.
Adding Internet connectivity to gadgets is a big selling point with consumers, and IoT device are a booming business. For consumers looking to set up a smart home with appliances and other devices all interconnected, network security takes a back seat to benefits like ease of use and price. And even with security controls built into devices, consumers don’t always enable the security settings properly, like changing the default password on the device.
DevOps-oriented companies can’t realistically secure IoT devices on a day-to-day basis when they’re finally in consumer hands. So while taking inventory and keeping up with updates of all internet connected devices is something each consumer or company should stay on top of, DevOps can help companies produce more secure IoT devices. Because DevOps builds security into its continuous development and deployment cycle, vulnerabilities are addressed through the product’s lifecycle. Security is baked in with DevOps. As the product goes through development, automated security testing occurs, which results in a product with fewer vulnerabilities.
The fact that IoT applications reside on a centralized cloud platform to support the thousands or millions of devices in the wild means a DevOps and IoT approach to managing the interplay between end-user applications and the firmware on IoT devices themselves is almost a necessity. DevOps speeds the velocity of software updates so that an IoT company can push out firmware updates to coincide with updates made to the iOS or Android app a consumer uses to control the device. Keeping both sides in sync means a better experience for the consumer as well as tighter security, because attackers often target outdated firmware as a way to gain control of an IoT device.
Lastly, DevOps is also effective at quickly responding to security breaches with IoT devices. An agile DevOps team is able to deploy fixes quickly to limit exposure to malicious attacks. Without DevOps system support, a smart home and all the personal data it contains remain vulnerable.