The digital five forces (Mobility-Pervasive computing, Big Data, Social Media, Cloud, Internet of Things) had made their impact significantly throughout the world individually. But from few years ago, these forces were combined and enforced to digitalize many services and processes completely.The primary force responsible for this vast automation of services is the Internet of Things (IoT). It is described by Ramirez as “moving small packets of data to a large set of nodes so as to connect and automate everything from home appliances to business applications. Tech Giants speculate that in 2020 there will be more than 40 billion connected devices, including smart wearable’s, connected vehicles and also connected homes.
IoT also creates tremendous opportunities for enterprises to develop new services and products for their customers.IoT devices throughout the world generate huge datasets for organizations and people’s activities.In order to reap the benefits of IoT such as proactive maintenance and smart decision making, we need to use Big Data tools to analyze these datasets. Besides, a large number of people organizations should be able to access services provided by an IoT device efficiently at anytime and anywhere on earth. This requirement propels the need for Cloud Computing and Mobility-Pervasive computing.
Despite facilities and services offered by IoT we have unexpected risks and happenings; Intruders can analyze dynamic data that belong to individual or organization and track their activities. Greater the volume of sensitive data, greater is the risk of data and identity theft, device manipulation, data falsification,etc., Have you ever thought of your “Personal Home Robot” connected to the network can become a security breach for the hacker to compromising your personal data and do something disastrous?Say, the intruder may control your robot to attack you when you are asleep; well this is going to happen in future. Are you still one of those people who think that we are safe, no certainly not.
Business Challenges posed by Insecure IoT:
- Distributed Denial of service attacks: For instance, if thousands of IoT nodes try to access an e-commerce website during the annual sale and the customers cannot access their services, then the enterprise's happy customers will become frustrated, resulting in revenue loss and customer dissatisfaction.
- Lacking effective device security mechanisms: While manufacturers are responsible for the security of their products, organizations and end users should not blindly deploy smart devices, assuming they’re completely secure. Technologies and protocols used by each organization’s smart devices inhibit interoperability.
- Knowing possibilities of vulnerabilities: Imagine using an IoT device like a simple thermostat in the nuclear plant to manipulate temperature readings. If attackers compromise the device, the consequences are disastrous. So, the vulnerabilities can be infinite and highly-complex.
- Identifying and Implementing security controls: In the IT world, redundancy is critical; failure of one product makes other successful. The concept of layered security works similarly, but it’s important how well enterprises can layer security and redundancy to manage IoT risk
- Insecure device software: All IoT devices have an embedded operating system deployed in its firmware. Security is not the primary concern of embedded operating system. For instance, we all are aware of the loads of malware that is present over the Internet to compromise security in Android-based devices.
- Wi-Fi enabled devices connected to LAN without proper security: This is the biggest threat to IoT security as TCP/IP-based endpoints are allowed on a LAN without enterprise-level security protocols in force. A “smart” water purifier connects to LAN and provides potentially malicious endpoint behind their firewall.
- Replication: Embedded devices are produced in masses of thousands or millions of identical devices. If a hacker does the successful attack against one of these devices, the attack can be replicated across all devices.
- Protection of data: Large amounts of databases need to be protected from hackers to avoid tracking enterprise or individual secrets or activities.
- Lack of Long Term Support: Device vendors don’t update their software after 2-3 years, so imagine what will happen to those IoT devices that might be on your network for years.
Secured IoT - Solutions to make IoT secure
Everyone has a role to play, from IT organizations to individual developers. Research indicates that the majority of IoT devices are insecure.
Some solutions which drive towards secured IoT are:
- Enforce security from beginning: Identify any IoT devices in your network, and examine the data they manage and how they manage it.
- Long-term support/updates: Secure IoT devices would either have to be secure by design from the start or receive vital updates throughout their lifecycle
- Secure access control and device authentication: Operating systems created by Apple and Microsoft and technologies such as micro kernels can be used with embedded systems to isolate the systems in the event of a security breach.
- Know your enemy: It is vital to study threats and potential attackers before tackling IoT security. Avoid data risk, backup as many personal data as possible from IoT devices.
- Prepare for security breaches: Identify where security controls are needed and then implement effective controls. Organizations should conduct risk assessments and also educate customers, employees and everyone else involved in the process about the risks and how to avoid them.
Confidence in and acceptance of IoT will depend on the protection it provides to people’s privacy and the layers of security it guarantees to systems and processes
In turn, IoT can contribute more to these efficient activities:
“Automation-EnergyManagement-Proactive Maintenance-Quality of Life-Better Decision making-Resource Optimization-Increased awareness-Improved productivity”
“Security at both the device and network levels is critical to the operation of IoT.The same intelligence that enables devices to perform their tasks must also enable them to recognize and counteract threats.This does not require a revolutionary approach, but rather an evolution of measures that have proven successful in IT networks, optimized for the new and extremely complex embedded applications, adapting to the challenges of IoT and to the constraints of connected devices will be a great leap towards the success and security of IoT”