Securing the Internet of Things (IoT) is going to be a considerable challenge in the next decade, not least because the security implications are more varied than for traditional IT settings, according to ABI Research (www.abirsearch.com).
New variables come into play, including safety considerations, consumer privacy, and data protection. Media coverage has hyped the advent of hacked toilets and spammer fridges, but the underlying trend is worrying because it highlights the fact that secure product development is not the norm for connected things.
The IoT is subject to numerous vulnerabilities at all of its core layers: perception, network, and application. The balance between cost and risk often means Things are less likely to employ more complex, resource-intensive security, such as access control and authentication.
“Some of these issues will be addressed at the gateway level or at the platform layer, but this is only part of the solution for strengthening Things more generally. “Embedded security, trusted computing, security protocols—these are all fledgling areas of product development for the IoT, and manufacturers are still trying to find their feet and justify investment in secure design, development, and product lifecycle,” says says Michela Menting, cybersecurity practice director, ABI Research.
The research group says a few players are nonetheless pioneering the way for strengthening the IoT. Slowly shaping the market in embedded security or the testing and auditing of IoT applications prior to launch are the first steps in providing a trustworthy base: Arrayent, Hewlett-Packard, Microchip, NXP Semiconductors, Sonatype, and Wind River.