As the Internet of Things expands, so do the risks

Internet-connected devices offer hackers a portal to unsecured data

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Get used to it. The Inter­net of Things is here to stay. In fact, IoT is on a fast track to make all man­ner of clever con­ve­niences part of every­day com­merce and cul­ture by the close of this decade.

Tech research firm Gart­ner esti­mates IoT end­points will grow at a break­neck 32 per­cent com­pound­ed annu­al growth rate for the next few years, reach­ing an installed base of 20.8 bil­lion IoT units by 2020.

Relat­ed sto­ry: Rubi­con Labs, oth­ers work to pro­vide secure cryp­to­graph­ic keys

Tiny sin­gle-pur­pose sen­sors designed to col­lect rich pro­file data on indi­vid­ual behav­iors, as well as on com­pa­ny sys­tems, already can be found in all man­ner of med­ical devices, auto­mo­biles, TVs, gam­ing con­soles, web­cams, ther­mostats, util­i­ty meters, house­hold appli­ances, man­u­fac­tur­ing set­tings and wear­able tech. Much more is coming.

It is incum­bent upon the busi­ness­es that deliv­er both the IoT devices—and the new Inter­net-con­nect­ed ser­vices IoT sen­sors make possible—to address the secu­ri­ty expo­sures that are part and par­cel of this rapid scale-up. For­tu­nate­ly, cyber­se­cu­ri­ty ven­dors are step­ping up inno­va­tion to do just that. Gart­ner projects that world­wide spend­ing on IoT secu­ri­ty will reach $348 mil­lion in 2016, up 24 per­cent from 2015 spend­ing, and climb steadi­ly to $840 mil­lion by 2020.

Johnnie Konstantas, Gigamon director of security solutions
John­nie Kon­stan­tas, Gig­a­mon direc­tor of secu­ri­ty solutions

I recent­ly sat down with John­nie Kon­stan­tas, direc­tor of secu­ri­ty solu­tions at Gig­a­mon, a sup­pli­er of net­work vis­i­bil­i­ty tech­nol­o­gy, to dis­cuss what’s on the hori­zon. Text edit­ed for clar­i­ty and length.

3C: What is the core secu­ri­ty chal­lenge accom­pa­ny­ing our rapid deploy­ment of bil­lions of IoT sensors?

Kon­stan­tas: IoT sen­sors are quite small and pret­ty cheap, too, and they don’t have a lot of mem­o­ry on them. Their whole point is to store a lit­tle bit of infor­ma­tion and then just for­ward it on to the cloud. If you think about how we tra­di­tion­al­ly use things like encryp­tion and a fire­wall to secure a mobile phone or lap­top, that’s very hard to do on a small IoT sensor.

So what you have is a con­duit into the cor­po­rate net­work deployed for the pur­pose of receiv­ing intel­li­gence, and you can’t real­ly push perime­ter pro­tec­tion out to these IoT devices.

There’s no ques­tion IoT sen­sors can poten­tial­ly be a way in. The IoT end­point could get infect­ed with mal­ware or it could be used as a lily pad to jump in deeper.

3C: What defen­sive approach­es look promising?

Kon­stan­tas: A lot of it comes down to con­tin­u­ous mon­i­tor­ing. These devices are going to always be on, trans­mit­ting intel­li­gence. The idea is to con­tin­u­ous­ly under­stand what the IoT device is for­ward­ing or receiv­ing 247. Sounds like a tall order, but doing that allows you to essen­tial­ly per­form ana­lyt­ics on IoT-gen­er­at­ed traf­fic. And with the prop­er kinds of secu­ri­ty ana­lyt­ics in place you will be able to sur­face anomalies.

3C: Sounds like big data ana­lyt­ics with an IoT twist.

Kon­stan­tas: Yeah, exact­ly. Big data ana­lyt­ics is noth­ing new. Secu­ri­ty ana­lyt­ics is noth­ing new. But both are actu­al­ly see­ing a resur­gence. Call it SIEM (secu­ri­ty and infor­ma­tion event man­age­ment) 2.0 for lack of a bet­ter word. This time SIEM is not so much about col­lect­ing large vol­umes of data; it’s more about get­ting the right kinds of data. It’s about prun­ing my data feeds to fig­ure out whether I have any risks asso­ci­at­ed with my IoT deployments.

3C: What key devel­op­ments are on the horizon?

Kon­stan­tas: I’ve been in secu­ri­ty since ’98, so I’ve seen a few pat­terns play out. The one con­stant has been that when cool tech­nol­o­gy emerges—like our abil­i­ty to do com­merce on the web or vir­tu­al­ized stor­age and computing—adoption tends to be a lot faster than the arrival of the tech­nol­o­gy to secure it. So it’s fair to say that our desire to take advan­tage of sen­sor net­works and IoT is going to out­pace our abil­i­ty to roll out secu­ri­ty infra­struc­ture to secure them as well.

More sto­ries relat­ed to the Inter­net of Things:
Tech­no­log­i­cal armor evolves to keep IoT devices safe from attack
Rip­ples from Inter­net of Things cre­ate sea change for secu­ri­ty, liability
Con­sumers should brace for home net­work intru­sions in 2016