By Larry Stefonic, Co-Founder, wolfSSL
It’s an exciting time in the technology world. The Internet of Things (IoT) has quickly gone from a far-reaching concept to a legitimate reality. Nearly every company out there is looking to create connected products that will bring true innovation to their industry and make life easier for all of us. It wasn’t that long ago that the plain old Internet made those same promises – promises we can confidently say were fulfilled beyond expectations. The path to innovation can be bumpy. However, when the Internet became a mainstream technology, we couldn’t have possibly fathomed the benefits and risks it set forth. The early days of the internet are not unlike these early days of the IoT – fast paced, pressure-filled, and potentially extremely profitable for those who innovate. The advantage IoT pioneers have over the Internet pioneers is that we have their lessons to help us make the route to success a little easier to navigate.
In the early days of the Internet, security was a thought, but not a priority. Often times, security was bolted on to a finished product just prior to shipping. It didn’t take very long for cybercriminals to recognize the immense opportunity that resided within insecure internet connected devices and took even less time for those criminals to penetrate the walls that were set up. As we embark on this next era of computing we need to look at security as a priority to ensure history does not repeat itself.
Since the IoT is very much about the connection of devices, let’s talk about the fundamentals of device security. There are really four main areas to consider:
- Securing the Connection – One of the most attractive aspects of the IoT is the fact that you can connect devices to each other. For example, if a connected car can talk to a connected home – lights could be turned on upon your arrival, thermostats could be turned up or down, security systems could be automatically activated or deactivated, etc. But if someone outside the authorized party was able to infiltrate the connection and steal the information being exchanged between the home and the car – they could determine when a house is unoccupied, grab home security system data, etc. We’ve seen countless examples of Man-in-the-Middle attacks on the Internet and connected devices are certainly susceptible if not secured properly.
- Device Authentication – Along those same lines, you want to make sure your connected devices are talking to the device it thinks it’s talking to and not an imposter. Hackers are really good at pretending to be legitimate users so strong authentication on all your connected devices is incredibly important.
- Secure Firmware Updates – Firmware updates are vital to device security, but making those updates on complex connected devices isn’t that easy. The sheer scale of IoT connected devices makes it nearly impossible for a manufacturer to make service calls on each and every one. While the scale makes manual updates nearly impossible, updates are necessary due to the large ecosystem connected devices share. One vulnerable device can bring down the bunch. We will address this topic in more detail in later posts.
- Securing Data on the Device – One of the reasons we love our devices so much is because of their mobility. Smartphones and laptops by their nature are much more likely to fall into enemy hands than a computer housed in a server room. And when you think about all of the information that is housed on these devices – both personal (mobile wallets) and professional (corporate IP, sensitive emails) ensuring proper security for this information is imperative.
While I refer to these as security fundamentals – I also understand that this can sound overwhelming for anyone who doesn’t live and breathe security. The good news is that there are security experts out there to help.
The wolfSSL/Xively partnership provides IoT innovators with a proven track-record in security. To date, wolfSSL secures over 1 Billion IoT connections. With support for 30+ operating environments and hardware crypto, wolfSSL provides the most robust solution in IoT security. Beyond our technology, you can rely on us to be available to help you achieve your goals in innovating in the IoT. We’re people that you can call upon for world class support, just when you need it.
When bringing a connected product to market, partner with companies who understand the IoT and how to best help build security into the product. By finding the right partners, companies can keep the focus on bringing the product to market while still knowing that security has not been an afterthought.