With billions of people connected to the internet today, and the number of connected devices set to exceed 50 billion by the year 2020, the Internet of Things (IoT) represents a major transformation in a digital world that has the potential to affect everyone and every business.
IoT can be defined as physical objects that connect to the internet through embedded systems and sensors, interacting with it to generate meaningful results and convenience for the end-user community. The IoT will help to enable an environment with the flexibility to provide services of all sorts, ranging from home automation to smart retail/logistics, and from smart environmental monitoring to smart city services.
The ever-expanding IoT world
IoT is already integrated across several areas where technology adoption is accelerating. Key sectors, such as health care, education, financial, retail, communications, hospitality, industry, transportation and agriculture, are being enriched by IoT-based technology.
The multiplying effect of IoT challenges
As with any emerging technology, IoT is a double-edged sword that brings many risks and challenges. As the IoT enters daily life more and more, it is enlarging the attack surface many times over. IoT is synonymous with "always on" technology, and in today's world of "always on" technology without enough security awareness on the part of users, cyber attacks are no longer a matter of "if" but "when". The always-connected nature of IoT devices makes them especially vulnerable to breaches from outside attackers or from compromised devices sharing the same network.
Embedding IoT security across the organization requires a significant commitment from leadership, organization-wide resources and funding.
The number of connected devices will continue to grow, and eventually, everything will be wirelessly connected. The first line of defence is to protect the network infrastructure. The gateways that connect IoT devices to company and manufacturer networks need to be secured as well as the devices themselves. In contrast to human-controlled devices, IoT devices go through a one-time authentication process, which can make them perfect sources of infiltration into company networks. Therefore, more security needs to be implemented on these gateways to improve the overall security of the system.
There must also be a sound plan for installing security updates on IoT devices. Manually installing updates on thousands of connected devices is definitely out of the question, but having them automatically pushed by manufacturers can also be a risky business. Proper safeguards must be put in place to prevent update interfaces from becoming security holes themselves.
To ensure high availability of their services, organizations must consider adding bandwidth and boosting traffic management and monitoring. This will help mitigate business continuity risks and prevent potential losses. In addition, from the project planning standpoint, organizations would need to do capacity planning and watch the growth rate of the network so that the increased demand for the required bandwidth can be met.
Ensuring continuous availability of IoT-based devices will be important to avoid potential operational failures and interruptions to enterprise services. Even the seemingly simple process of adding new endpoints into the network may require the business to focus its attention on physical attacks on the devices in remote locations. This will require the business to strengthen physical security to prevent unauthorized access to devices outside of the security perimeter.
IoT must change the way businesses do business
Stakeholder engagement and awareness are critical for IoT-related risk, as they are with any other risk. The following are some of the key questions that organizations should consider before deploying IoT:
- How will the device be used from a business perspective? What business processes are supported and what business value is expected to be generated?
- How are the risks associated with IoT being addressed?
- Who will have access to the device and how will their identities be established and proven?
- What is the process for updating the device in the event of a published attack or vulnerability?
- Who is responsible for monitoring for new attacks or vulnerabilities pertaining to the device? How will they perform that monitoring?
- Are your technology investments aligned with opportunities and threats?
- What personal information is collected, stored or processed by the IoT devices and systems?
- Do the individuals to whom the personal information relates know that their information is being collected and used? Have they given consent to such uses and collection?
- With whom will the data be shared/disclosed?
- What is your accountability and governance structure/model for IoT execution?
IoT has the potential to be huge and is already changing the way people live, work and play, but making use of it responsibly requires forward thinking, appropriate planning and open dialog. An organization must evaluate all the risks holistically to ensure that business value is maximized while risk is minimized.