It’s one thing to say that by 2020 the world will host 50 Billion Internet Protocol-connected devices. It’s even more amazing that the planet’s number of Internet-connected devices already exceeds the human population. So how do we secure tens of billions of devices when we know that the vast majority of them will not possess sufficient memory and processing power to accommodate conventional anti-malware or other security software? Two things are clear to me. We need to build security into Internet of Things solutions from the beginning, and that the network is the only option we have to bring security visibility and control to this new universe of connected devices.
The Internet of Things is going to transform the world, but unless we act to secure it now we will find ourselves asking at some future date whether it was worth doing in the first place. I don’t claim to have all the answers in the video post here, but we need to start asking the right questions about securing the Internet of Things now.
My only question is how do you create a networked security across so many devices, and more importantly so many types of people, without limiting the ways the devices can be used? It seems that it will be difficult not to centralize security, and therefore create the possibility of even more devastating security issues.
Hi Brandon,
Thanks for your comment. To protect as effectively as possible against a wide variety of attack vectors, we have to accept the nature of modern networked environments and devices and start defending them by understanding attackers and thinking like defenders responsible for securing their infrastructure. A strong approach needs to be visibility driven, threat-focused and platform-based.
You must be able to accurately see what’s really happening in your environment to gain knowledge about threats. Visibility needs to come from the network fabric, endpoints, mobile devices, virtual environments and the cloud. The more you can see, the more you can correlate this information and apply intelligence to understand context, make better decisions, and take action ¬ either manually or automatically.
By leveraging the network as the platform for security, we can centralize the management and protection of devices without limiting their usefulness.
Here is a link to an article by my colleague Rafael Montalvo about Securing Mobile Networks with Trustworthy Systems that talks more about some of these challenges:
http://www.sys-con.com/node/2752984
Interesting info about such security awareness issue for IoT and even IoE. I completely agree. You may not realize due to the rise of Biotechnologies, that Iot and IoE will be moving into our bodies. Hence we will physically be a living node/endpoint of the internet. If someone hacks into a person with an artificial heart and pump, they could in theory remotely murder someone. It is really not so far fetch as most people think. So…yes…we need to work with Standard bodies like IEEE to require a standard embedded HW monitor and security policy for all IoT devices. My 2 cents worth! – John
Couple of approaches you can take, endpoint based – cooking security into the device whether it’s hardware assisted etc or network based. My inkling is on network based controls, IoT/IoE devices will touch the network somewhere, whether it’s wireless, wired. I think we’ve lost the battle for the endpoint aspect already, early IoT/IoE devices either don’t have enough grunt for certificates/encryption/whitelistibg or due to cost, are configured without security in mind. Also the plethora of different manufacturers and type of devices make it difficult to standardize.