The Internet of things (IoT) is due to become reality sooner rather than later. Instead of a handful of Internet-connected devices in the average home, we might see dozens. From thermostats to refrigerators to water meters to hot water heaters, these devices will soon be transmitting data to and receiving data from sources on the Internet.
As we gear up for the onslaught of the IoT, Holger Reinhardt, Product Architect at Layer 7 Technologies, has some thoughts on how we tackle the seemingly herculean task of maintaining security across the billions of devices that will eventually have active Internet connectivity. -- Paul Venezia
How will we secure the Internet of things?
As major players in IT and manufacturing converge technologies, enterprises will face a growing challenge to assure the validity and security of the data they share in a world of interconnected devices.
As IoT promises to transform every industry, organizations need to look beyond securing every endpoint. Given that we're talking about billions of devices, it's inevitable that some, even many, will be hacked. While vulnerabilities in connected consumer products like Nike+, Fitbit, and baby monitors get most of the public attention, exploits in industrial systems are less talked about -- and have much more serious implications.
What can an organization do to mitigate the risk of vulnerabilities in embedded devices? There's plenty of passionate debate about which protocol or technology is more secure. It seems each week yet another company offers yet another end-to-end IoT security solution.
If the past is any indication, those discussions will be rendered moot by the sheer number of potentially connected endpoints and the human inclination to chose convenience over security. If you need evidence, recall that an overwhelming number of e-commerce sites are secured only through HTTP basic Auth over server-side SSL. Or have a look at the most recent survey of the sorry state of password policies of leading cloud providers.