IoT: Another Opportunity to Build in Security from the Start
The basic fundamentals of information security include confidentiality (keeping things secret), integrity (keeping things trustworthy), availability (keeping things available when they need to be accessed), accountability (someone is responsible for security) and auditability (keeping verifiable records about the interactions in the system). Because IoT is new and novel, there is a tendency to overthink things and to look for new and novel security frameworks. However, these fundamentals remain true to IoT. It may just be that the tools that are used for executing these fundamentals are different, due to IoT’s differences from systems of the past.
The hardest problem in any data transaction is verifying the identity of the parties involved. But once the identities are trusted, everything else is just accounting. By accounting, I mean that we are able to follow a procedure to complete the transaction (which can be anything from updating a field in the database or connecting a rider to a driver in a ride-sharing app). The procedure itself may not be easy, but it’s not nearly as hard as establishing identity of the transacting parties. To establish identity reliably, you need to establish a trust mechanism. Since trust cannot be established in isolation, a chain of trust in the IoT ecosystem is needed. (Read More)
Cybersecurity: How to Avoid the Catastrophic Risks
Most companies survive most cyber attacks. For example, two American tech companies lost more than $100m to a crafty cybercriminal using forged credentials, but this financial attack never threatened the existence of the two businesses. A German steel mill lost control of a blast furnace – and the ability to protect workers – to hackers who gained remote access and overrode safety controls, but again, this company survived too.
Companies must take steps to address many types of risk – financial, operational, reputational, and others. But as business becomes ever more reliant on technology, addressing catastrophic risk – losing all data, production systems, or intellectual property – must also be on every executive’s agenda.
When hackers targeted Code Spaces, a software collaboration platform, they deleted all of the company’s data and its backups. Overnight, Code Spaces shut down. Existential threats are not always sudden, however. Over the course of 10 years, hackers siphoned the intellectual property of a North American telecommunications giant: Nortel Networks. Nortel no longer exists, and although it has not been proven in court, many speculate that its stolen IP helped the company’s foreign rivals get a competitive edge. (Read More)
Enterprise IoT Faces Skills Shortage, Security Challenges
A survey of technology decision-makers at mid- to large-scale enterprises found that IoT adoption is coming to the vast majority of businesses within the next two years, but many of those businesses aren’t yet ready to cope with the change. A major part of the problem is a perceived skills gap. Of the 500 IoT-involved technology pros surveyed, just 20% said that they “had all the skills they needed” to successfully implement their organization’s planned IoT projects.
The other four out of five respondents to the survey conducted by Vanson Bourne and backed by UK-based satellite communications company Inmarsat said that they had some degree of need for additional IoT skills. Data scientists, security pros and support staff are all in high demand among IoT-enabled businesses, the study found. That’s prompting a lot of outsourcing and partnerships. Just 15% of respondents said that they planned to develop and deploy their IoT solutions completely in-house, while 74% said that they had definite plans to work with external partners to handle some part of their IoT workload. (Read More)