Not for the first time in the technology industry, security is taking a back seat, this time in the context of Internet Access Management (IAM) for the Internet of Things (IoT). Despite the connected digital world regularly falling victim to attacks from all manner of cyber criminals, the integration of IAM security and related standards is not keeping pace with the development of – or the ubiquity of – connected devices. While I appreciate the need for the IoT and connected devices to evolve rapidly, consumers have the right to insist that, this time, the industry gets the security aspect of the IoT right, first time.
Much of the problem with IoT centres around – as ever – the current lack of standardisation and regulation. For as long as that lack persists, anyone can create their own IoT network with varying approaches to the security of the devices attached to that network. This is against the backdrop of smart devices becoming much more interactive, to the point where pretty much everything becomes ‘smart’.
Take your headset; even that is connected today because it knows when you pick up your phone. What we’re seeing, then, is that as the technology becomes more widespread, IoT products are no longer positioned as niche products. With that dynamic in place, the need for security standardisation becomes even stronger.
Nothing’s Smart About Poor Security
Furthermore, I believe that the rise of Artificial Intelligence will make these smart applications even more user-friendly, applicable and usable… and therefore prevalent. We all know the well-worn example of a fridge telling us we’re running out of milk. While this is a fun and futuristic example that illustrates the potential, it’s not really applicable. However, some commercial applications already show promise and value. A good real-world example is the smart meter, which is growing in popularity in homes across the UK.
Every meter has its own unique identification code, and a whole ecosystem for measuring energy use and precise invoicing has been built around it. This has an added value for energy providers, helping them to more accurately predict likely demand. With smart devices like these already helping us day to day, it’s even more alarming, then, that security seems to play second fiddle to the progress being made in rolling out smart devices.
My vision is that the virtual identity of a smart device should be placed at the same security level as a human’s digital identity. I take this view because the virtual network – which is fundamentally what the internet still is – does not make a distinction between humans, machines or hybrids. Surely, then, this reality should be a forceful driver for IAM security best practices in IoT.
Security Lessons Not To Be Forgotten
When companies deploy IoT offerings, I often find that what they get wrong from a security perspective is that they tend to fall back on a non-structured platform. In those cases, IAM is built as a feature, and not as a business enabler with device security in mind. In fact, you can actually draw comparisons between the mistakes being made today and how companies managed the IAM of humans’ virtual identities 20 years ago. It is disappointing – to say the least – that some hard-learned internet security lessons from the recent past have already been forgotten.
Security Ahead Of Profit
Of course, one of the biggest challenges is the speed at which smart devices are launched. As long as no valuable assets are linked to the smart devices, it is very difficult to make an investment in IAM for IoT profitable. This could also be a reason for the more relaxed approach to security, but there is the real danger that this approach will come to haunt end-users and consumers alike in the near future.