IoT

IoT Device Security Concerns Could Limit IoT Growth

Nastel Technologies®
November 20, 2019

Would you deploy an IoT device if you knew it could be hacked? Surprisingly, the answer is usually “yes.” Even though security exploits are frequently reported, billions of devices are deployed every year because, in most cases, the tangible benefits of IoT solutions outweigh any perceived risks. However, a big increase in device breaches would change the risk-reward ratios driving these business decisions. Unfortunately, attacks are already on the rise. Last month, Kaspersky provided evidence of this trend by reporting that its honeypots detected 105 million IoT device attacks coming from 276,000 unique IP addresses in the first six months of this year—an alarming 7x increase over the same period in 2018. With IoT risks growing faster than IoT deployments, increasingly unfavorable risk-reward numbers will limit IoT growth unless device security is improved industry-wide.

Three industry trends offer the best prospects for reducing IoT security risks over the next few years. First, after many years of divergence, IoT device operating systems are beginning to consolidate. It’s a good bet that fewer, more widely adopted OS platforms will be more secure than many smaller ones. Second, mainstream IoT gateways and routers are becoming more trustworthy. This is critically important because routers and gateways are always exposed to the Internet and hacking them can open up unrestricted access to less secure devices that sit behind them. Symantec reported that in 2018 75% of IoT attacks targeted routers. If you think your home WiFi router is secure, you might want to run a web search on “router vulnerabilities” (Yes, now would be a good time to patch your router and review its security settings). Third, “big cloud” IoT ecosystems are increasingly focused on security and data trustworthiness. Controlling IoT ecosystems from end-to-end simplifies secure solution development by reducing the variability of system components. All three of these trends are pushing the risk-reward ratio in the right direction. In this blog, I’ll dig into the first one, device OS consolidation. I’ll cover the other two in subsequent blogs.

The first servers, PCs and smartphones had diverse platform architectures running a plethora of operating systems. Over time, Darwinian forces converged this chaos down to just two operating systems per platform type. Today, almost all PC clients run Windows or Mac OS, servers run Windows or Linux and mobile devices use iOS and Android. These mainstream platforms are trustworthy enough for worldwide deployment because massive investments in security threat modeling, architecture, hardware abstraction, system software, testing, patching, updating and monitoring are amortized over hundreds of millions of devices. Application developers deploy solutions on top of these platforms without tampering with the underlying security architecture. Security is therefore robust and consistent industry-wide.

Although the same kind of convergence is beginning to happen for IoT, the process will take much longer because embedded systems span a wide range of capabilities—from tiny sensors powered by coin cells to computationally intensive edge devices such as cameras with built-in AI-based image recognition. Each IoT application has unique characteristics that determine device requirements for compute power, physical size, network architecture, sensor interfaces and cost. Platform diversity drives IoT developers to build custom software stacks with unique implementations for OSs, system services, networking, security and software update. The cost of securing and updating these one-off stacks is spread over a relatively small number of systems so the overall trustworthiness of IoT devices is usually much lower than for mainstream platforms like phones and PCs.

The good news is that OS convergence is already taking place, particularly for larger IoT devices that run variants of Linux. Today, there are about a dozen mainstream embedded Linux distributions and some consolidation is expected. However, embedded programmers often need to build their own custom versions of Linux by selecting only the features actually needed for their application. Yocto (Linux Foundation) is a standards-based set of tools and procedures that uses the OpenEmbedded build automation framework to create customized Linux OSs for a wide variety of hardware from a common code base. Standardizing the Linux customization process is a big step towards OS defragmentation for microcomputer-based IoT devices.

This article originally appeared on forbes.com To read the full article and see the images, click here.

Nastel Technologies uses machine learning to detect anomalies, behavior and sentiment, accelerate decisions, satisfy customers, innovate continuously.  To answer business-centric questions and provide actionable guidance for decision-makers, Nastel’s AutoPilot® for Analytics fuses:

  • Advanced predictive anomaly detection, Bayesian Classification and other machine learning algorithms
  • Raw information handling and analytics speed
  • End-to-end business transaction tracking that spans technologies, tiers, and organizations
  • Intuitive, easy-to-use data visualizations and dashboards

Nastel Technologies is the global leader in Integration Infrastructure Management (i2M). It helps companies achieve flawless delivery of digital services powered by integration infrastructure by delivering Middleware Management, Monitoring, Tracking, and Analytics to detect anomalies, accelerate decisions, and enable customers to constantly innovate, to answer business-centric questions, and provide actionable guidance for decision-makers. It is particularly focused on IBM MQ, Apache Kafka, Solace, TIBCO EMS, ACE/IIB and also supports RabbitMQ, ActiveMQ, Blockchain, IOT, DataPower, MFT and many more.

 

The Nastel i2M Platform provides:

  • Secure self-service configuration management with auditing for governance & compliance
  • Message management for Application Development, Test, & Support
  • Real-time performance monitoring, alerting, and remediation
  • Business transaction tracking and IT message tracing
  • AIOps and APM
  • Automation for CI/CD DevOps
  • Analytics for root cause analysis & Management Information (MI)
  • Integration with ITSM/SIEM solutions including ServiceNow, Splunk, & AppDynamics

Comments

Write a comment
Leave a Reply
Your email address will not be published. Required fields are marked *
Comment * This field is required!
First name * This field is required!
Email * Please, enter valid email address!
Website

Register to Download

Subscribe

Schedule a Meeting to Learn More

Become an Expert

Schedule a Demo