Making IoT secure for the business

Vincent Delaroche, CEO of CAST, looks into the obstacles facing companies investing in the IoT.

Whilst most of the chatter about the Internet of Things (IoT) has been around consumer applications, momentum has increased among enterprises using IoT ideas for sensors and networks. Manufacturing and agricultural industries, for example, have already exploited the benefits IoT can bring. However, as businesses edge ever-closer towards capitalising on this growing trend, practical challenges remain. Namely, those related to data integrity and safety, application security and network security.

The opportunity IoT presents is a big one. Manufacturing plants can better monitor machines and predict when they will break or require maintenance, whilst farmers can install sensors out in fields to measure weather conditions and ensure the optimal environment for crops. Nevertheless, measures must be put in place to safeguard these connected devices to protect brand reputation and avoid damaging data corruptions.

As the IoT market expands (analyst firm Gartner predicts there will be over 20 billion connectable devices worldwide by 2020), concerns around protecting intellectual property (IP), data and operational infrastructure have become more urgent. There have already been many data breaches where smart devices have been the target, notably Osram, which was found recently to have vulnerabilities in its IoT lightbulbs, potentially gifting an attacker access to a user’s network and the devices connected to it.

More data, more problems

The deluge of new devices and related data sources results in a greater risk of data corruption, loss of integrity and hackers exploiting the weaknesses in a company’s IT ecosystem. Organisations planning on implementing IoT programs must be ready to manage, measure and guarantee software reliability and performance. Company databases need to be able to handle the vast amount of new data generated by IoT. For example, Quartz recently estimated connected cars alone will send 25 gigabytes of data into the cloud every hour.

It will become increasingly important for businesses, and their CIOs, to implement a data management strategy that standardises security and quality measures under a unified umbrella. Whilst the fear that hackers will gain access to a company’s data store remains, the most dangerous threat actually lies in the company’s intrinsic data integrity. In healthcare, for instance, poor programming could result in a big data glitch that would be extremely damaging given the magnitude of the consequences.

IoT security must be scalable

Clearly, IoT has big implications for IT portfolio health and security. As organisations ensure their application portfolios can scale and grow with the business, they must now do the same for IoT. Simply ‘bootstrapping’ IoT into existing IT systems doesn’t guarantee they perform at scale.

The introduction of IoT increases the number of interfaces that existing systems must support, and multiplies data flows and data stores at great speed. Current system architectures need to be tested and most likely redesigned to support this magnitude of data and connections. Security and scalability are two vital cogs in the wheel to support IoT. All data must be controlled by a secure access software layer, and any attempt to bypass that layer must be prevented and enforced.

Architecture redesign will need to be carefully considered. As the development scrums build incremental new functionality to support IoT applications, these architectures should be governed and checked systematically and holistically, throughout the data journey, with every sprint. Continuous automated architectural governance is a relatively new concept that leading IT organisations must implement as part of their enterprise agile frameworks in order to ensure scalability and security.

Secure the ecosystem

Poorly architected IT systems remain one of the biggest software risks today. Architectural quality and security are particularly sensitive and crucial for today’s data-intensive systems, such as invoicing and CRM. An immediate and significant increase in overall software security and integrity across all newly implemented IoT and IT systems is a must.

Worryingly, Capgemini’s research found only 33% of organisations believe their IoT products to be resilient against future cyber threats, and less than half focus on securing their IoT products from the start of the development phase.

The Open Web Application Security Project (OWASP), a community dedicated to helping organisations build applications that can be trusted, navigates businesses through IoT security complexity. They recommend:

  • All system devices have update capability and can be updated quickly when vulnerabilities are discovered.
  • Update files are encrypted and transmitted using encryption.
  • Update services are secure.
  • Products have the ability to implement scheduled updates.
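As an added illustration of the first three OWASP points (not code from the article, OWASP or CAST), the following Python sketch shows the check a device should run before installing an update: the package is authenticated with a keyed tag, so a tampered or foreign file is rejected, and a version number inside the authenticated body refuses rollback to an older release. The shared key, the package layout and the version field are assumptions for this example; confidentiality of the file in transit is left to the transport (for example TLS) and is not shown here.

```python
import hashlib
import hmac
import struct

# Constructed key for this example only. A real device would keep a per-device
# key in protected storage, or verify an asymmetric signature instead of a MAC.
DEVICE_KEY = b"example-device-key-not-for-production"

TAG_LEN = 32          # HMAC-SHA256 tag length in bytes
VERSION_LEN = 4       # big-endian unsigned 32-bit version field


def build_update(version: int, payload: bytes, key: bytes = DEVICE_KEY) -> bytes:
    """Package an update as: version (4 bytes) | payload | HMAC-SHA256 tag.

    The version is inside the authenticated body, so an attacker cannot
    change it without invalidating the tag.
    """
    body = struct.pack(">I", version) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def verify_update(package: bytes, installed_version: int, key: bytes = DEVICE_KEY):
    """Validate an update package before it is applied.

    Returns (ok, reason, version, payload). The payload is only returned when
    every check has passed, so callers cannot accidentally install a rejected
    image.
    """
    if len(package) < VERSION_LEN + TAG_LEN:
        return False, "truncated package", None, None

    body, tag = package[:-TAG_LEN], package[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison: do not leak how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return False, "authentication failed", None, None

    version = struct.unpack(">I", body[:VERSION_LEN])[0]
    # Anti-rollback: never accept a version at or below the one installed,
    # otherwise an old image with a known flaw could be re-installed.
    if version <= installed_version:
        return False, "rollback refused", version, None

    return True, "ok", version, body[VERSION_LEN:]
```

The ordering matters: the authenticity check runs before any field of the package is interpreted, so the version parser only ever sees data that came from the legitimate update service.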

Additionally, the Consortium for IT Software Quality (CISQ), a standards group founded by the Software Engineering Institute (SEI) and the Object Management Group (OMG), promotes a comprehensive quality measurement framework to build resilient, efficient and safe IoT and IT systems. It is vital the measurement of quality happens at the system level because it is the source and often the root cause of the most dangerous software flaws.

Thinking forward

Security and privacy remain a serious concern for IoT programs. Even with CIOs taking steps to secure IoT data, threats are often well outside their control. Modern-day hackers now execute attacks with high degrees of sophistication, and if systems have been poorly constructed then the threat persists as business environments evolve.

To stay ahead of the game, businesses must establish control over their software portfolios and begin to beef up software integrity and security measures.


Edited for web by Cecilia Rehn.