As recently announced on the pages of IoT Business News, four of the tech world’s heavy hitters (Thales, Microsoft, Telstra, Arduino) have pitched in together to straighten out the security mess that characterizes the current IoT, especially as it relates to finding a way to apply a one-size-fits-all secure standard to how devices communicate with the cloud.
Why waste time with such an undertaking? It’ll allow for scalable security to be applied to any device that interacts with the cloud, and that’s a pretty big deal. The question then becomes how this “ultimate security solution” will affect the IoT security market.
The Problem with IoT Security
Scary malware developments like Ransomware-as-a-Service (RaaS) notwithstanding, the truth is that cloud data might actually be more secure than on-premise networks. The weak link, frankly, has been when the IoT was added to the mix. The IoT creates huge amounts of data each day, and cloud computing creates a means for that data to be either stored or transferred.
Securing this disorderly technology has been a little like trying to stay alive in the Wild West, with scoundrels, criminals, and gunslingers waiting around every corner. The first problem lies in the sheer volume of smart devices coming online. While typical internet-connected devices like tablets, laptops, and phones are expected to number about 7 billion in 2020, that figure is dwarfed by the estimated 31 billion IoT devices for the same year.
But the number of devices coming online is only a symptom. With Big Data exhibiting the potential to become history’s greatest resource, the obstacle in the way is the reality that manufacturers never have agreed on a standardized operating system or a strategy for securing this new universe of devices. It didn’t take long for hackers to realize that the IoT was a backdoor into all kinds of bad behavior.
But even as Big Tech like Google, Apple, Samsung, and Microsoft have entered the market with their own IoT platforms, the problem remains, nothing is compatible. For the IoT to truly grow into its potential, someone needs to organize this mess.
What Does Scalable Security Mean?
As the practice of locally installed software has faded into computing history and online operations have moved into the cloud, the greatest benefit derived has been the concept of scalability. This refers to the ability of a service to expand or contract to accommodate more or fewer users as demand fluctuates.
It’s easy to understand this concept in regard to something like web hosting but how does it apply to security? That’s what Thales, Telstra, Microsoft, and Arduino are trying to create in the IoT security market.
The first step towards that goal is to create a standard related to the operating systems and included security capability in IoT devices. While we could wait to see what the government might do, private enterprise often can come up with a better solution faster.
If you haven’t guessed it yet, a successful implementation of standardization and scalable security will be a big deal to those who work in the IoT security space. Here are just a few reasons scalability is a good thing:
- Keeps a system secure even under heavier loads.
- Reduces costs – you’re not stuck with an expanded level of coverage when demand drops.
- No longer relies on humans to identify the need to increase security with more demand – it’s done automatically.
- Peace of mind to system users that the appropriate security will be deployed under any conditions.
Implications and Implementation
Probably the most obvious consequence of scalable IoT security is that practitioners of the craft will notice their job just got easier. There won’t be the need to do all the hands-on tasks that accompany a rising demand for use. Security tools that run in the cloud will be much more self-sufficient.
For example, when a network running IoT devices with a dozen different operating systems experiences increased demand, you have to roll out a new instance of software, either an upgrade or new installation. Along with that you’ll need to bump up storage capacity and aggregate more logs.
As currently constructed, the IoT almost requires that security experts use a variety of different tools that each do one thing. How nice it would be to have multi-purpose tools designed to function in harmony on a cloud-based platform. In some instances, new tools will be developed. In others, the tools used will stay the same, but the location might change.
The first step towards reaching the land of IoT security scalability is to create a standard that applies to all IoT devices currently being added to networks. Once there is an end-to-end secure process for authenticating all communications between devices and the cloud, the next step will be to apply security to scale.
With GSMA already hard at work to make this a reality, don’t be surprised if the quality and efficiency of IoT security improves substantially in a short period of time.