Security must be part of device design as Internet of Things evolves


(Editor’s note: Who should be responsible for security as we embrace the Internet of Things? In this guest essay, George Japak, managing director of ICSA Labs, an independent division of Verizon, argues that it should be the device manufacturers.)

By George Japak, Special to ThirdCertainty

The Internet of Things (IoT) has been called the next big thing, but it’s actually been around for quite some time in a different form and with much more limited connectivity options than available today.

In the past, connected devices were not considered “smart” and, as such, many organizations did not consider them a high priority to safeguard. However, this thinking is flawed since anything connected to the network requires protecting.


George Japak, ICSA Labs managing director

Over the past several years, we’ve witnessed a transition from devices connecting to a traditional network to a connected ecosystem that uses a wireless cellular network. Now anything can be connected to a wireless network, even an automobile. Just about anything and everything on your network—from a videoconference camera to home security—is operating in an open environment that is much more vulnerable than in a closed environment. Think of it as being similar to connecting to an unsecured Wi-Fi network.


Avoiding the security issues presented by devices attached to the network, whether they are based on older or newer technology, starts in the development process. Safeguards must be included in the design to support privacy and security, and a holistic view of the ecosystem is necessary to be sure devices are properly configured and deployed.

It’s best to perform a risk analysis to understand potential vulnerabilities of the devices on the network and what risk they might pose. A proper assessment should include confirmation that each device uses the appropriate level of safeguards to ensure secure access and data protection, etc. Security testing should be an integral part of any plan to verify that the devices are protected and that they don’t introduce vulnerabilities into the network. Functional testing is needed to be sure the devices can be operated securely.

As device connectivity continues to evolve, one old adage remains true—your network is only as strong as its weakest link.

