With the IoT hot on everyone’s mind, security is a key challenge many connected product companies are struggling with. Recently 60 Minutes aired a segment showing a car being taken over and driven remotely. Other events making headlines include hacked baby monitors, home security systems, networked printers, etc. While these are isolated incidents, it’s enough to make consumers think twice about the IoT and open the eyes of the vendor community to the dangers of connecting products when IoT security is not adequately understood and addressed.
At the most basic level, IoT security must encompass the complete system surrounding an IoT device or connected product. This includes mobile and web apps, servers, databases and integrations with other systems, etc. Therefore, security professionals have their work cut out for them.
Recently I participated in a webinar with renowned security firm Leidos. As part of that conversation we discussed the most prominent security challenges connected product companies face. Let’s break those down:
- Data Compromise – One of the great things about connected products is the information they capture. That information allows companies to provide a better experience and service to their customers, create new revenue streams and much more. The problem with collecting customer data is that companies then have the critical responsibility to secure it.
- Unauthorized Access or Control –While there is a general fear about too much personal information being compromised, one of the bigger fears around the IoT is unauthorized access or control. No one wants a hacker to gain control of their connected device. This is also the most high profile security vulnerability that has plagued connected product companies to date with multiple high profile examples making headlines . In fact, not surprisingly, a quick survey we took of webinar attendees, this was the biggest challenge for 80% of respondents.
- Denial of Service – One of the greatest benefits of the IoT for consumers it’s always on promise. By deploying a connected device, you are promising a consistently available service. No one wants a connected home security system they can’t access. This can cause customers and inconvenience at best and irreparable reputation damage at worst.
- Device Cloning – Another device compromise can occur in the form of device cloning. In this type of security breach, foreign hardware can connect in a way that looks and acts like the correct device, but is not. This type of issue can quickly scale, and is a real headache for product companies because it can be hard to tell which devices are real and which are imposters. Junk data can quickly overload systems, costing companies massive time and money to fix.
- Unintended Device Functionality – Another scary security concern is devices being hacked and used in ways they were not intended. For example, a security camera being taken over and turned into spy cam that hackers can turn on anytime or an audio app turned into a listening app.
While this is obviously not an exhaustive list of security challenges connected product companies are facing, they are a few of the more popular ones facing the IoT today. So what can you do? Educate yourself on potential vulnerabilities. Know who your partners are and what their security posture is. Look to experts that can help you navigate the often rough waters of security. Investigate security technologies including PKI that can help fortify products against many of these vulnerabilities. And most importantly, ensure that security is purpose-built into every aspect of the ecosystem that is running your particular IoT product, service or device. Taking security into consideration at every stage of development ensures the best shot of offering an innovative, delightful and secure experience for your customers.