Scott Andersen

Security and the Potential of 2 Billion Device Failures

IoT Device Failures

I have, over the past three years, posted a number of Internet of Things (and the broader NIST-defined Cyber Physical Systems) conversations and topics. I have talked about drones, wearables and many other aspects of the Internet of Things.

One of the integration problems has been the number of protocols the various devices use to communicate with one another. The rise of protocol gateways in the cloud service provider market is an incredibly good thing. Basically, this allows an organization to map sensors and other IoT/CPOS device outputs to a cloud gateway that will connect, transfer and communicate with the device – regardless of the device’s protocol of choice.

Racing out of the Gate

horse-race-1507078_640

What the new gateways do is remove integration as a stumbling block for ongoing and future IoT solutions. Pick the wrong horse in the initial protocol race? With a gateway, it doesn’t matter. You can, over time, replace the devices deployed with the orphaned protocol and move forward with your system. The cloud service provider protocol gateway gives you the flexibility to also consider deploying multiple types of sensors and protocols, instead of limiting your organization to one.

The question going forward is this: does the integration provided by the gateway give rise to the broader concept of an IoT broker? This is where the services offered by IoT devices could be parsed out and shared within organizations and companies that are members of the broker. Think of it as being like a buyer’s club for sensors.

From my perspective, the issue that keeps me awake at night is IoT device security. For the most part, IoT devices are often ‘fire and forget’. Yes, occasionally, you may have to change a battery or replace a cellular connection. Sometimes you may have to update how the device is deployed. Others just aren’t going to be attacked because you won’t gain anything. I read an article that wrote about hacking the river monitoring system, causing a flood downstream. I thought about that for a long time, and I realized the reality of flooding is we know when it coming and everyone would be out there with manual measurements anyway. That would work. There are other ways to create an effective attack through the IoT.

It is the security of IoT devices that will become more and more troublesome. Firstly, because the number of them is growing rapidly. From 10 billion or so deployed in 2015 to more than 40 billion devices deployed by 2020. That’s 4 times the devices in the next 4 years.

If we consider the reality of devices, that means that many devices that are deployed today will still be deployed in 4 years. The cost of devices and often the capital expenses for hardware are spread over 3 to 5 years. That means a growing number of devices will be already deployed by 2020. It isn’t a run to the cliff and then leap into 40 billion deployed devices.

2 Billion Device Failures

IOT-DEVICES-BW

What scares me is that there are 10 billion or so devices deployed today. Logically, 2 billion of them will fail. 2 billion more will be replaced naturally. That leaves 6 billion devices deployed with the security solutions of today – that will rapidly become obsolete. That is a fairly expensive number to replace. The gateways mentioned earlier in this article will suddenly appear again. Today, they represent a way to bring multiple IoT protocols together. In the future, they will become the best line of defense for deployed devices.

Deploying secure solutions at the gateway level will be the best defense against attacks for IoT devices that do not have integrated security. The next-best thing would be the deployment of devices with easily removed security modules, but that is a consideration for upcoming devices – not ones deployed today.

A secure IoT future – enabled by a simple cloud gateway.

By Scott Andersen

Scott Andersen

Scott Andersen is the managing partner and Chief Technology Officer of Creative Technology & Innovation. During his 25+ years in the technology industry Scott has followed many technology trends down the rabbit hole. From early adopter to last person selecting a technology Scott has been on all sides. Today he loves spending time on his boat, with his family and backing many Kickstarter and Indiegogo projects.

CONTRIBUTORS

Part 1 - Identity Assurance by Our Own Volition and Memory

Part 1 – Identity Assurance by Our Own Volition and Memory

In an earlier article we discussed what technology can displace the password. The proposition of Expanded Password System (EPS) that ...
Chris

Why An Inside-Out Approach to Cloud Security Is Your Safest Bet

Cloud Security In September, McKinsey released what might be looked back upon as a seminal survey. It opened the report ...
IoT Trends

The Internet of Attacks: Disturbing Online IoT Trends

Disturbing Online IoT Trends If you thought the worst thing to come out of the Internet of Things (IoT) trend ...
5 Simple Tips to Help Avoid Ransomware

5 Simple Tips to Help Avoid Ransomware

5 Tips to Avoid Ransomware Ransomware is a particularly pernicious form of malware: unsatiated by simply using your system as ...
API security

3 Steps to Better Security in the API Economy

API Security Whenever you’re working online with the Internet, security is also a top concern. Any mistakes or lapse of ...
Secure Business Agility

Why Information Security Need to be Empowered to Manage Data Breaches

Manage Data Breaches 2017 saw over 2 dozen major security breaches in 2017.  While the public may have grown numb to ...
Part 2 - Identity Assurance by Our Own Volition and Memory

Part 2 – Identity Assurance by Our Own Volition and Memory

Identity Assurance by Our Own Volition and Memory We believe that the reliable identity assurance (See part 1) must be ...
Secure Business Agility

THE AGE OF DATA: THE ERA OF HOMO DIGITUS

The Age of Data In our digital era data deluge – soaring amounts of data, is an overriding feature. That’s ...
Chris

The Cloud Isn’t a Security Issue; It’s a Security Opportunity

Security Issue In order to stay ahead in today’s competitive business landscape, companies need to constantly innovate. Development teams must ...
The New Kids On The Block: Data Protection Officers

The New Kids On The Block: Data Protection Officers

Data Protection Officers The General Data Protection Regulation (GDPR) is officially here. Yet, organizations are still unaware, are ignoring, or ...