Imagine walking into your home and suddenly becoming aware of an unknown presence. Only it’s not someone hiding in the closet and it’s not someone lurking just out of sight around the corner. It’s someone monitoring you through one of your many connected devices. Although your smart home provides you with unprecedented convenience, the internet of things (IoT) also provides a portal through which hackers can take control of devices or monitor your movements and your words.
The IoT presents cybersecurity headaches because it adds a whole new level of complexity to cloud computing—it increases the volume of data exponentially—and thanks to edge computing, it increases the number of data access points. Right now, regulatory agencies enforce cloud compliance standards related to “software validation, data integrity and cyber security.” So, any company with an IoT device—such as a life sciences company that is making a connected medical device in a booming industry—must make sure the cloud software for the device meets cybersecurity standards.
Yet, when it comes to the IoT’s viability in conjunction with the cloud, the jury is out. On one hand, the IoT as it stands now wouldn’t exist without the cloud, which provides warehouse, analysis/visualization, and deployment functions for all the data smart devices create. On the other, the number of connected devices is due to grow exponentially by 2020. As observers are pointing out, it doesn’t seem feasible for the centralized cloud to handle the amount of big data connected devices will create.
So, once the edge cloud fully enters the picture, there will be three levels concerned with IoT cybersecurity: firmware (software embedded in connected devices), edge computing server nodes, and the cloud.
Securing IoT devices is much like securing devices you already use to connect to the internet:
Firmware must be updated regularly
Devices should require user authentication—including “knowledge factors” (information specific to a user: unique ID, password, security question), “possession factors” (verification, through security token or pin, that the device is in your possession), and “inheritance factors” (biometric information or device-specific cookies)
Encryption keys and SSL certificates should also be implemented in order for the device to transmit data
IoT devices don’t typically meet all of the above security criteria. There aren’t regulations forcing device manufacturers to make data security the number one priority. Connectivity and sales are the number one priority. The problem with a smarthome right now is that connected devices come from a variety of manufacturers, and they don’t all follow the same security protocols. When all of the devices are linked, outdated firmware in a single device creates vulnerability for the entire system.
And that’s just at the device level. Edge computing server nodes will present another layer that must communicate date securely from the device to the cloud. If nodes aren’t regularly updated and monitored for malicious code, data from devices could be easily compromised at the edge.
This high level of complexity doesn’t look promising for the IoT. TechCrunch contributor Jon Hedren says, “The IoT ‘dream’ as sold by the industry is pretty cool, but it’s still just a dream. For now, these devices remain generally shoddy, insecure and easily breakable — and must be treated that way, especially when the stakes are high.”
The only way to solve this problem will be to minimize complexity. With thousands of manufacturers free to operate as they please within the security spectrum, there are too many vulnerable points. Governments need to implement strict and uniform regulations for these devices, such that, if a device manufacturer doesn’t adhere to regulations, they can’t sell their product in any of the cooperating countries.
On an endnote, adding edge computing onto centralized cloud computing for the IoT makes sense, but it adds yet another layer of complexity. A blockchain infrastructure could replace both edge computing server nodes and the cloud. This doesn’t look likely with huge players like Amazon and Google in the mix, but with the future of IoT security looking so unclear, it’s well worth considering.
Leave Comment