With the immense growth of the Internet of Things (IoT) or connected world, we have been introduced to devices that are no longer static or perpetual. In the past, buying hardware generally meant it would remain in an isolated environment with no continuous updates; and if an update was required, it was carried out by a technician.
In today’s connected world, the device/hardware is delivered as a software value. The software is updated with options, new feature sets or an entirely additional portfolio of products. This of course is great for the monetization aspect of the IoT, because it is much more cost effective to update throughout the life of the device.
However, despite all of the excitement created by this revenue-generating opportunity, the issue of security hasn’t received the attention it deserves.
At Gemalto, Todd Steele addressed this very issue in a presentation, “Firmware Integrity, Hardware Licensing, and Connected Licensing,” where Steele pointed out the security problem in a connected world.
The IoT ecosystem is connected, making it vulnerable to attacks across several different vectors. The device/hardware and software can be compromised in a variety of ways, which greatly affects their monetization potential.
Steps to Securing the Ecosystem
It is important to have a comprehensive system in place to ensure the entire ecosystem is protected. According to Steele, this starts with securing the client device so that there are no Trojan processes or compromising data, and with ensuring that the device is not doing something it shouldn’t be.
Once the device itself is protected, the next step is to secure the software running it. However, as critical as it is to protect and secure the hardware, it is just as important to protect the installation and software updates to both ensure they are not tampered with and to guarantee that the applications are valid and delivered from a trusted source.
Okay, so your device and the software behind it are now protected, but what about third-party add-ons implemented by the customer? Each new level of features can add another vulnerability to attacks and further compromise your ability to effectively monetize the software licensing.
This will require additional protection by securing the identity and communications of the devices that are connected. First you need to secure the data by validating it after receiving it from the device, since any type of data leak must be guarded against in order to prevent access by unauthorized parties. Additionally, the privacy of the data must be safeguarded to certify that the client is the only party receiving the given information.
Why Can’t You Secure it Yourself?
The short answer: “You can.” This is as simple as it gets. However, how much capital and human resources are you willing to invest in executing security in-house?
I liken the situation to an arms race in the truest sense of the word. A global band of bad apples is developing cracking tools that are beyond the resources of the vast majority of organizations. Each new iteration of these weapons is a new threat that has evolved to find new methods of attack and exploit any weaknesses in your system. This has created a reality of 24/7 monitoring.
No less important is the lack of security experts in the market, which makes it abundantly clear that tenure is a very precarious thing for those with the best qualifications; they will, sooner or later, leave for greener pastures.
This type of expenditure on security will, eventually, cut into the investment of the core value of your company, which will start eroding any competitive edge you might have against other players in your industry.
The value proposition offered by Gemalto is a partner who is able to better address the monetization of your IoT securely, so you can introduce products to market faster and stay ahead of your competition.
You can watch the entire presentation here.