Bring Your Own Internet of Things
BYOD will evolve into BYOIoT in 2015, which means businesses will need to wake up to the potential risks that come with employees using wearable devices.
At the onset of 2014, smartwatches were for early adopters, but when Apple joined the fray it accelerated the wearable tech revolution. The number and variety of wearable devices are set to explode in 2015, and those devices will enter the workplace.
But the apps they are built on are only as strong as the ecosystem around them: the mobile apps, social media APIs and website interfaces used to analyze the data will need to evolve at the same rate as the devices themselves.
There are a number of opportunities to be had: The rapid growth of devices and IoT business ideas will make more people sit up and take notice of related opportunities.
Take aggregated fitness data, for example: fitness band users may have little control or awareness of how their data is stored, exchanged or sold on. It seems inevitable that insurance companies may be interested in aggregated data about exercise and fitness habits that could be used in conjunction with personal data such as geography or age brackets.
However, there are also risks: the more links in the chain, the greater the security risk. With everything connected, one chink in the armor could lead to serious security implications.
Businesses need to be mindful of what data external devices bring into the business and what they take away with it. Users must be more mindful about how wearables gather their data.
Unfortunately, we will likely see some incidents before this is taken seriously. It may be that vendors need to take a leaf out of Google’s book and ultimately adhere to a ‘right to be forgotten’ approach for data generated by IoT devices such as wearables.
In the meantime, businesses need to look at whether they get employees to register their connected devices, and whether they roll out a policy or code of conduct, particularly when it comes to traceable devices.
B2B in the Cloud: 1980 Was a Long Time Ago
Data sharing is a vital cornerstone of every enterprise, but in 2014 we are still relying on technology that was developed in the 80s: Electronic Data Interchange (EDI).
Although EDI has proven itself to be a reliable method of exchanging data over the past 30 years, we’re now diving head first into the cloud, and the technology securing these flows of data needs to keep up with the changing data landscape.
Businesses now deal with multiple applications, standards and a host of business partners using a plethora of different devices to connect to the cloud.
With Gartner predicting that in 2015 there will be more than 4.9 billion connected ‘things,’ B2B cloud technology will need to work much harder for businesses. It will need to take data exchanges beyond the simple computer-computer communication that EDI enables to a much wider cloud-based ecosystem.
The B2B cloud technologies of 2015 will be able to support multiple standards and legacy systems, enabling companies to move beyond EDI and into the cloud.
In doing so, organizations will be able to meet employees’ demand for constant access to data flows from multiple devices.
The Connected Vehicle
2015 will be a watershed year for the connected vehicle. Gartner has predicted that the number of devices interacting with the connected vehicle will jump from 189 million in 2014 to 372 million in 2015.
Next year, there’s a very good chance that when you buy your new car, the dealer will ask you what mobile plan you want.
Connected vehicles including company cars and commercial vehicles will deliver new capabilities and concepts in transportation logistics and fleet management.
The haulage industry has already embraced tracking technologies, for example to monitor driver miles and hours at the wheel.
Although technology will mature in 2015, data management, privacy and security will remain as drag factors. Data protection and privacy regulations remain incomplete, even in the EU.
As connected vehicles will be communicating with various applications through APIs, the companies delivering those apps need to ensure that they are secure and are using the resulting data responsibly.
Source: ITProPortal.com, a Net Communities Ltd Publication.
Securing the Internet of Things: Top 10 Things to Consider
Welcome to the future, where smart meters monitor your home appliance usage, where fitness devices on your wrist track your heart-rate, and where electric vehicles can take commands from your wristwatch.
What does all of this have in common? These innovations are all part of the Internet of Things (IoT). While the Internet of Things is going through a rosy honeymoon period at the moment, security issues are slowly creeping to the surface.
There’s a growing awareness that IoT devices are riddled with vulnerabilities, and securing these weaknesses will soon become one of the major priorities for both manufacturers and the people who use them.
Let’s examine the top 10 things to consider in detail:
1. Patching
Internet of Things devices are often difficult to update. There isn’t an equivalent of a “Patch Tuesday” for a wristband, or a Wi-Fi-enabled smart meter. Rather than patching the device itself, patches will often have to be applied upstream as “virtual patches”.
2. Not just HTTP and SSL anymore
The Internet of Things goes beyond HTTP and SSL to include MQTT, CoAP, XMPP, and other protocols. This means that a strategy of “just throw SSL at the problem,” if this was ever a strategy at all, will not be effective for the Internet of Things.
3. Low power
Security requirements such as encryption and signing require processor power, which is not in large supply in a wearable fitness tracking device, for example. Here, again, security must be layered on, upstream from the device itself.
4. The user, one step away
In the Internet of Things, the user is one step away from the connection itself. Often this involves a delegation model. The user delegates control to a device, such as a smart meter, to act as a sensor and interact with services on their behalf. As such, users may not be present to enter passwords or press “OK.” For delegated security models, technologies such as OAuth 2.0 are key.
5. Key management
Devices in the Internet of Things often require keys for security. These may take the form of cryptographic keys, or simply act as shared secrets. These keys must be managed. In many cases, it makes sense to manage these upstream from the device itself, so that they cannot be compromised.
6. Accessibility
Internet of Things devices are, by their very nature, in the hands of users. We have already seen examples of APIs for Internet of Things devices being reverse-engineered by curious engineers. Expect this trend to continue. It is another reason not to store confidential information on the “thing” itself.
7. Brownouts
How does the device act when its power is artificially lowered, or raised? These are not questions which need answering for a server in a co-located data center. But it is a factor when attackers focus on finding weaknesses on Internet of Things devices.
8. Audit trails
With constrained devices, is it going to be possible to write out an audit trail of usage? If not, where can an audit trail be kept? This is another reason to apply security, in the form of monitoring and management, upstream from the device itself.
9. Unexpected interactions
Users will link Internet of Things devices together in ways that cannot always be anticipated. For example, what if a user wants to set up a scenario in their house in which the hall lights activate central heating? How can you ensure these novel interactions do not result in security challenges? The answer lies in ensuring that interoperability is tested for security implications.
10. Certifications
Who will certify Internet of Things devices for security compliance? At present, this is a Wild West-type arena. However, expect testing organizations to, over time, develop security certifications for Internet of Things devices.
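An added example (not from the original article) of the "upstream" approach in points 3, 5 and 8: a gateway keeps the device key registry and a hash-chained audit trail, so the constrained device only computes one HMAC per message. The Gateway class, device names and keys are hypothetical and constructed for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # starting value for the audit hash chain

def device_tag(key, payload):
    """What the constrained device computes: one HMAC-SHA256 per message."""
    return hmac.new(key, payload, hashlib.sha256).digest()

class Gateway:
    """Hypothetical upstream gateway: key registry plus audit trail."""
    def __init__(self, device_keys):
        self.device_keys = dict(device_keys)  # device_id -> shared secret
        self.audit, self.last_hash = [], GENESIS

    def _append(self, device_id, event, detail):
        rec = {"seq": len(self.audit), "device": device_id,
               "event": event, "detail": detail, "prev": self.last_hash}
        body = json.dumps(rec, sort_keys=True).encode()
        rec["hash"] = self.last_hash = hashlib.sha256(body).hexdigest()
        self.audit.append(rec)

    def receive(self, device_id, payload, tag):
        """Verify the tag; log the outcome whether accepted or rejected."""
        key = self.device_keys.get(device_id)
        if key is None:
            self._append(device_id, "rejected", "unknown or revoked device")
            return False
        if not hmac.compare_digest(device_tag(key, payload), tag):
            self._append(device_id, "rejected", "bad tag")
            return False
        self._append(device_id, "accepted", payload.decode("utf-8", "replace"))
        return True

    def revoke(self, device_id):
        """Key management happens here; the device is never touched."""
        self.device_keys.pop(device_id, None)
        self._append(device_id, "revoked", "key removed from registry")

def verify_chain(audit):
    """Return the index of the first altered record, or -1 if intact."""
    prev = GENESIS
    for i, rec in enumerate(audit):
        body = {k: v for k, v in rec.items() if k != "hash"}
        digest = hashlib.sha256(
            json.dumps(body, sort_keys=True).encode()).hexdigest()
        if rec["prev"] != prev or rec["hash"] != digest:
            return i
        prev = rec["hash"]
    return -1
```

The chain only exposes edits if the latest hash is also kept somewhere the log writer cannot rewrite.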
Devices in the Internet of Things will continue to rely on APIs to communicate, so smart, flexible and above all secure API management is critical.