Security must be part of device design as Internet of Things evolves
(Editor’s note: Who should be responsible for security as we embrace the Internet of Things? In this guest essay, George Japak, managing director of ICSA Labs, an independent division of Verizon, argues that it should be the device manufacturers.)
By George Japak, Special to ThirdCertainty
The Internet of Things (IoT) has been called the next big thing, but it’s actually been around for quite some time in a different form and with much more limited connectivity options than available today.
In the past, connected devices were not considered “smart” and, as such, many organizations did not consider them a high priority to safeguard. However, this thinking is flawed since anything connected to the network requires protecting.
Related story: Boost security during software development
Over the past several years, we’ve witnessed a transition from devices connecting to a traditional network to a connected ecosystem that uses a wireless cellular network. Now anything can be connected to a wireless network, even an automobile. Just about anything and everything on your network—from a videoconference camera to home security—is operating in an open environment that is much more vulnerable than in a closed environment. Think of it as being similar to connecting to an unsecured Wi-Fi network.
Security & Privacy News Roundup: Stay informed of key patterns and trends
Avoiding the security issues presented by devices attached to the network, whether they are based on older or newer technology, starts in the development process. Safeguards must be included in the design to support privacy and security, and a holistic view of the ecosystem is necessary to be sure devices are properly configured and deployed.
It’s best to perform a risk analysis to understand potential vulnerabilities of the devices on the network and what risk they might pose. A proper assessment should include confirmation that each device uses the appropriate level of safeguards to ensure secure access and data protection, etc. Security testing should be an integral part of any plan to verify that the devices are protected and that they don’t introduce vulnerabilities into the network. Functional testing is needed to be sure the devices can be operated securely.
As device connectivity continues to evolve, one old adage remains true—your network is only as strong as its weakest link.