
IoT is for Trouble  

There is a tendency to treat IoT as a single thing, or a single market, when the reality is that these devices are closely aligned with larger solutions and also broken out between consumer and business uses. Steven Schuchart writes:

Considering the security and update concerns around IoT devices, corporate IT buyers need to hold solution providers’ feet to the fire. This means hard questions for vertical solutions that use IoT devices and even harder questions for those selling overall IoT management platforms.

IoT, or Internet of Things, has been the subject of non-stop talk, speculation, and of course psychotically high market share estimates in many a technology corporate presentation deck. Just as a refresher, “IoT” or Internet of Things refers to the myriad devices, sensors, cameras, doorbells, ovens, microwaves, and other home, business, and industrial devices that connect to the internet.

The vast majority of these devices are wireless, often leveraging but not limited to cellular, Wi-Fi or Bluetooth connections. There has been a vast proliferation of these devices and IoT devices are everywhere. Homes, cities, businesses, institutions…all use IoT. Some of it is almost laughably pointless, like internet-connected ovens; some is tremendously important, such as the myriad sensors on manufacturing equipment.

Seriously, IoT devices are everywhere. The other characteristic of the vast majority of IoT devices is that they are, in general, relatively inexpensive to produce and buy. That’s done a lot to contribute to the spread of these devices.

But low costs in many cases require cutting corners. Often there is no easy or automatic way to update these devices to patch security concerns. Sometimes, there simply isn’t any way to apply security patches. Devices are created with the minimal amount of new code required, using as much existing software as possible. Devices are created, then abandoned for newer versions because cheaper hardware is sourced or new capabilities are required. In short, IoT has become a ubiquitous security nightmare for security administrators, network admins, and home users alike.

Each vertical market needs standards and accountability that are appropriate for that market segment. Health care IoT devices (which yes, could include many life-saving machines) need to be treated differently than temperature and humidity sensors that augment the HVAC system or cameras that feed the physical security system. The idea of an IoT manager allows wiggle room for each system vendor. We need the vendors that sell this equipment to actually step up and take responsibility. If the vendor used IoT devices that suddenly become insecure or can’t be updated, the excuse of “Well, it’s IoT, what do you expect” just doesn’t cut it.

So, when you are looking at solutions that have an IoT component, get down and dirty with the vendor or reseller who is offering the solution. How are the IoT devices secured? Did they make them themselves? How are they updated? Is it automatic? Will they replace the IoT devices if they are vulnerable and can’t be updated?

There are best practices for security and networking that do apply to all IoT devices, including virtual network isolation. But often solution vendors don’t take a strong position on best practices. Consulting your security provider and ensuring that any solution you buy can be managed under best practices is necessary.

IoT is really a revolution. There are some wonderful things happening in the world due solely to IoT. But prospective corporate buyers need to ignore the industry’s lazy proclivity to treat IoT casually. It’s important to focus on how the solutions that use IoT are going to support those devices, in everything from security updates to replacements.