Securing the Internet of Things

Some of the world’s most successful IT companies believe that Machine-to-Machine computing, the Internet of Things, will propel them to new heights.


Some of the world’s most successful IT companies believe that Machine-to-Machine computing, the Internet of Things, will propel them to new heights.

Some of the world’s biggest telecoms companies believe that the enormous amounts of data traffic produced by this new revolution will offset their declining revenues from voice traffic.

When supply side industry giants see progress or salvation in a technology revolution, the rest of us better wise up.

The Internet of Things is happening fast, and that means IT professionals and IT security experts need to be proactive. “The potential for innovation and business growth will be irresistible to most organisations,” says analyst house Forrester about the Internet of Things. If it is irresistible, there is a danger of it being unstructured and unplanned and, inevitably, insecure as a result.

To mitigate the risk you need both a propaganda message to the rest of the business and some practical action within the IT team.

The propaganda message is simple. The “I” in IoT is for internet. Some of us can remember the first internet revolution – the excitement about the possibilities and the naiveté about the potential problems that it could cause.

You need to encourage people about the possibilities of the IoT, particularly when combined with Big Data technologies, and scare them about what can go wrong. Done right, people will understand. Enough of the population have been victims of identity fraud, had their bank accounts phished or simply had their inboxes overwhelmed with spam for them to realise the dangers of a second wave of security problems.

But then IT’s work begins – and that involves designing-out traditional internet security vulnerabilities in any systems that are developed.

It means defining security accountability and implementing security checks at the machine level in any autonomous machine-to-machine processes.

It means creating boundaries and segmentation in industrial control systems to reduce risk and create barriers to stop Stuxnet-like virus attacks spreading.

IT teams have to understand the potential implications for the physical safety of humans in a machine-to-machine environment.

They have also got to drum into the business that seemingly inconsequential personal data that organisations gather can become sensitive when amalgamated and cross-referenced by Machine-to-Machine systems.

This will undoubtedly lead to more privacy control legislation, so educate the business about the need to adopt “right to be forgotten” policies, so start now to build opt-out functionality into systems.

You’ve got to do all this as well as ensure you have the networks, storage and analytics systems in place to take advantage of the new Internet of Things. Big opportunities ahead then, along with big headaches and plenty of work to do. Quite exciting really...

"Recommended For You"

What is edge computing? Cyber insurers could help drive IoT standards