What can stand in the way of plugging the latest IoT gizmos into the company infrastructure as soon as they appear on the shelves? Not much, but security is definitely on the list.
Forward-thinking companies realize that IoT can propel their business (any business) to the new scale or open new directions. However, its adoption is often cautious or disparate.
The big thing holding it back is the fact that with IoT not only virtual infrastructure is dependent on information technologies but also the physical one. Machinery, devices, vehicles, diagnostic equipment, etc. can crash leading to damage, human injuries, or faulty produce. Who will take responsibility for that? An algorithm? A chip manufacturer? An IoT platform developer?
The culprit might come to light in the end, but when it comes to human lives and other sensitive applications, security and preventive measures get the utmost importance. That is why below we talk about strategic steps to prepare your company for the IoT era and give tips on how to springboard from solving the common issues.
1. Define “security” within your domain
There is no average IoT security level across industries. The scope and the applications the IoT devices differs significantly — from smart light bulbs adapting to the level of ambient light to sensors monitoring the state of uranium rods of the nuclear power plants to the human vital signs in intensive care unit.
If your company is one of the pioneers in the field, your set of security items may well overgrow your firm and become best practices or even contribute to the formation of industry standards. Also, try to think ahead as far as possible to avoid frequent amendments or changes to the checklist when the next round of evolution begins.
How to leverage: starting earlier allows becoming an industry expert and co-creator of industry standards.
2. Elaborate cross-layer security standards
The complexity of IoT security is that it spans across multiple layers of infrastructure: sensing (chips and endpoints), connecting (communication protocols and gateways), and application (software systems and applications). Threats and vulnerabilities involving several layers are more difficult to envision and prevent primarily due to lack of communication between parties responsible for each segment of the IoT stack.
Proactive communication with providers up and down your supply chain may result in complex integrated solutions. In this case, the collective effort is more comprehensive than the sum of individual efforts due to the opportunity to approach the borderline issues from both sides (e.g., from chip manufacturer and gateway developer sides).
How to leverage: becoming a niche expert opens many opportunities for consulting projects and joint ventures.
3. Collaborate with industry players and regulators
The current state of most IoT security standards varies from generic to non-existent. What’s more, one company’s cybersecurity concerns have the potential to affect much more than this company’s infrastructure — they can cause economic or social consequences in the real world.
Talk to your competitors to share knowledge of burning questions, detect common pain points, and join forces to overcome those. One day regulators will knock at your door outlining their understanding of your industry regulations. You’d better be prepared and initiate the thought process around the IoT security in the field. This way you will be an active participant and contributor, not a passive listener.
How to leverage: forming a professional community you gain reputation, develop networking channels, and, consequently, appear within reach of the new prospects.
4. Push security as a top priority throughout product lifecycle
The fact that the product is [seemingly] secure the day it reaches the market tells nothing about how secure it will be in a year or two. Security issues arise over time — as the new device or technology saturates the market, more people start using it, and consequently more unexpected or unintended uses happen, more flaws pop up, and more attempts to get illegal access or control occur.
Security should become one of the “genes” of your product — an indispensable component that cannot be taken out. Ever. It should start at the shop floor and persist until the last day the product is in use. Regularly amended manuals, best practices, and easy over-the-air firmware updates are essential to ensure sustainable IoT security and win long-term customers and clients.
How to leverage: continuous customer care and sincere interest in customer’s success increase loyalty to your brand and help in hard times when you can’t buy support.
5. Cultivate buy-in and skills updates
For security to become a company-wide initiative, C-suite buy-in is critical. Once the executives are on-board, they should fit the security as a priority into the company culture, create dedicated roles (e.g., Chief Information security Officer), and organize staff training.
Besides educating current employees on the importance of IoT security throughout the product lifecycle, a pool of dedicated specialists trained in-house can have an advantageous effect on stability and quality of the entire infrastructure.
How to leverage: a company university can also prepare specialists for the industry, not only for the founding company — this way your company name becomes synonymous to a thought leader and trend-setter.
6. Ensure responsiveness and experience sharing
Once, or if, an emergency situation occurs, customers should have a definite place to report an issue and ask for help. Moreover, the company should follow-up promptly and have a professional investigation of the problem to prevent further occurrences.
The way a company responds to a breach is more impactful on its reputation than the fact of the breach itself. Communication with all interested parties (customers, investors, regulators, general public) is vital to infuse confidence and relieve anxiety.
How to leverage: owning the mistakes, openly admitting them, reporting the corrective actions in a case study allows to build trust and grow credibility.
IoT security is doomed to be an issue of high concern for quite a while — while IoT is booming it will be hardly possible to stabilize, not to mention future-proof, the regulations. However, collaboration within and between industries, communication among providers, suppliers, manufacturers, and users of IoT ecosystem elements, open alliances led by industry leaders, and maximum openness can help alleviate the pains, harness the spread, and minimize the severity of malicious actions.
HTTP vs MQTT performance tests
Comparison of HTTP and MQTT protocols for performance, power consumption, and CPU usage in different scenarios on a laptop and Raspberry Pi.