ARN

Meeting the ongoing challenge with security and IoT

Both business and consumers have jumped on board the Internet of Things (IoT).

Both business and consumers have jumped on board the Internet of Things (IoT). The efficiency and productivity promised by connected workplaces and operations will see organisations spend $US745 billion on IoT in 2019, according to research by market intelligence company, IDC research. By 2022, it will surpass $US1 trillion.

The idea of a fully connected home has strong appeal to consumers with ABI Research predicting the global smart home market alone will reach $US123 billion by 2022.

However, despite the value IoT solutions present, there are some significant concerns about the security of some IoT devices, and their presence on the network. Security vendor, Symantec, said in its recent annual security threat report: “Targeted attack groups increasingly focus on IoT as a soft entry point.” It previously reported that, in 2018, attacks towards IoT had increased by 600 per cent year-on-year.


Azure Sphere as the IoT security solution

Obviously, businesses are aware of the security threats around IoT and are seeking best fit solutions. Analyst, Gartner, reported that IoT security spending reached $1.5 billion in 2018.

“It’s an entirely new challenge. If you think of traditional IT and mobility management scenarios where there’s well defined approaches to data protection and access management, coming to IoT, where those methods don’t apply, it is an entirely new world.” Danielle Damasius Principle PM, Azure Sphere, Microsoft, said. “With IoT you’re looking at devices that are always on, un-managed from a traditional sense and unattended in a lot of cases, so there’s often not many indicators that a device has been compromised – there isn’t the traditional watchdogs in place.”

Solutions around IoT security need to come from the hardware manufacturing end. With so many devices in production, and no unified platform for IoT security to operate on, manufacturers have previously been left to their own security practices. By the time the end-user has a few IoT devices in their environment, security has become a patchwork of differing standards provided by a wide range of different vendors that have vastly different levels of resourcing available to provide security. Hackers only need to find one vulnerability to gain access to the organisation’s network – and such an environment is ripe for finding weaknesses. It is why IoT is seen as a “soft target.”

As a result, Microsoft has developed the Azure Sphere to create a highly secured IoT devices. A Linux-based embedded OS and cloud service for micro-controllers, Azure Sphere addresses the most critical challenges facing IoT by presenting a uniform platform for security that all device manufacturers can access.

Manufacturers implement the Azure Sphere platform onto their devices, and can then rely on the built-in security provided by Microsoft’s security practice. Connected to the cloud, Microsoft brings its considerable weight in security to provide  failure reporting to identify threats and automatic updates to address vulnerabilities as they are revealed.


IoT security best practices

IoT security threats are nothing new; as far back as 2014 there have been horror stories of hackers getting access to people’s baby monitoring cameras, but perhaps the greatest example of the extreme risk posed by hackers through the Internet of Things was when a group manager decided to take control of an electronic car on a busy highway.

In looking to address the threats, Microsoft developed a design philosophy in approaching IoT security, called the “seven properties of highly secure devices”. These properties are a blend of hardware, OS, and cloud-based security properties, creating an end-to-end security solution, and highlighting the need IoT security to be approached as a whole-of-industry challenge.

“Foundationally, we believe that when you start building devices you should immediately have security in mind,” Damasius said. “Azure Sphere is designed to make it easy and affordable for manufactures to build renewable security into their devices from the outset.”

Microsoft also has a network of hardware and design partners that it works with to help other partner manufacturers build security into their devices.

“Some manufactures in IoT still think they can solve for security later,” Damasius said. “No manufacturer sets out to make insecure devices, of course. No one wants to be the one with the botnet refrigerator. But if they’re not being proactive about security from the outset, then they’re unintentionally being insecure and putting their brands and customers at risk.”

IoT will boost efficiency and productivity in businesses and at home. Manufacturers want to capitalise on that, and it won’t be long until connectivity is expected when an organisation or consumer purchases a device. However, security concerns with IoT provide a real reputational risk for organisations, which is why it’s important the industry moves to a unified and co-ordinated approach to security as quickly as possible.

For more information on IoT and security, don’t miss Danielle Damasius’ presentation at the IoT in Action event in Sydney on March 19. Register to attend here.