This content is part of the Essential Guide: How to prepare for the emerging threats to your systems and data
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

IoT security a hurdle to world of connected 'things'

Despite its massive potential, the Internet of Things is ushering in new and unique security challenges. But who's responsible for tackling them?

With its growing network of connected gadgets -- ranging from coffee makers to cars -- the Internet of Things will have a major impact on both enterprises and consumers. However, despite IoT's huge potential, it's posing a new set of IoT security concerns.

"As a technologist, I don't get freaked out about stuff like this … but if you combine [IoT device data] with other pieces of personal information [devices] gather about us, they can paint a pretty complete picture of what we do with our day, how we behave and who we are," said David Linthicum.

In a recent podcast, Linthicum discussed IoT security concerns and more with Randy Bias, VP of Technology at EMC. Other topics include:

    1. Have compliance regulations and legislation limited IoT security? "All the compliance regulations we've put in to date haven't significantly made our security better over the last 10 to 15 years," Bias said. "In fact, arguably, it's worse."

      Edward Markey, Massachusetts senator, is lobbying for legislation for information collected from automobiles. But is that the answer? "We do need laws to hold businesses and individuals responsible for data security, privacy and so on, so there's accountability," Bias said. "But this whole thing of new legislation to try to make sure that the Internet of Things is more secure is just ridiculous."

      Who is to blame if an automobile is hacked? Bias and Linthicum agreed the situation has happened before. (3:30-8:56)
    2. Cloud Foundry is an open source platform with major vendor support, but some question whether it is open enough. "I'm unaware of anybody who set up an open source foundation that didn't receive criticism about how they did it," Bias said.

      Is this criticism similar to what OpenStack and CloudStack received? "No matter what you're doing, you're going to open yourself up for criticism if you're trying to go big," Bias said.

      "Go big or go home," Linthicum agreed. (8:57-11:45)
    3. Box, a file sharing and cloud storage company, added enterprise key management (EKM) to its repertoire. Is security a concern?

      "Everybody in the enterprises freak the heck out around this stuff, around using this or Dropbox or things like that," Linthicum said. "[Enterprises] are becoming much better at taking the security issues off the table."

      Should enterprises continue to trust this technology?

      "These cloud-based security processes and mechanisms [like Box EKM] have a tendency to be a lot more foolproof than some of the things we have in the enterprise with the existing systems," Linthicum said. (11:46-20:44)

Next Steps

Analyzing the Internet of Things' enterprise potential

How to secure the Internet of Things

Guiding the enterprise to open source cloud

Dig Deeper on Internet of Things (IoT) Security Threats

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

In my opinion, legislation on IoT security is merely prescriptive. Instead, why not let IT focus on mitigating the security risks through real technical solutions?
Since it's wide open and new devices are coming on all the time in form factors we've never considered, it seems wise to let the protocols and the players determine themselves. Good citizens and team players will find themselves in the vanguard. Rogue elements will find themselves locked out. Let these devices have the first crack at policing themselves before overzealous bureaucrats have their way.
What a good question. The answer OTOH isn't nearly as easy. As long as everything's humming along nicely and my data is safe, it's someone else's problem to keep everything organized and humming along. As soon as my files are expose, it's my problem, everyone's problem and I need it fixed now. 

While I'm no IoT expert, I know enough to know that my fitness tracker isn't the most secure device in the world. And it's now connected to everything, my data and yours, too. Perhaps now, before the whole enterprise collapses, would be a good time to work on the fix we'll certainly need.. 
IoT security will continue to be a hurdle as long as their is no single standard.