IOT: even the name has different meanings to different people. While people in technology know that IOT stands for “Internet of Things,” what counts as a thing?
The most basic definition is that any device that can connect to other devices on the Internet without the aid of a human to operate would qualify as IOT. This would mean that connected thermostats, cars, utility sensors, printers, ATMs, lightbulbs, cameras, traffic signs, stuffed animals, and numerous other unique devices are all IOT.
To add to this complexity, most suggest that “things” that can connect to other “things” are also IOT, so add to the list: smartwatches, wearables, credit card readers, and even humans with connected implants.
IOT adoption is ramping faster than home PC or WWW adoption did. The small price tag, stand-alone nature, ease-of-use, and business value of IOT make it appealing to both individuals and industry.
Where devices can connect simply without any level of technical expertise and improve quality of life, entertain a child, or even make our power grid more efficient and stable, there is little surprise that the growth predictions are so large, with estimates ranging in the hundreds of millions to over a trillion dollar market size by 2022.
With any new technology, utility always proceeds security. So unsurprisingly, security is currently the biggest hurdle to adoption - or as some technologists joke, “there is no 'S' in IOT”.
But unlike previous technologies which could be quarantined, segmented, disconnected, or physically locked down, IOT is by its very nature more vulnerable because it is always connected, typically mobile, and very diverse in use and design, making the challenge to security much bigger.
The challenge is that these devices are harder to secure than a typical computer or even a mobile phone. IOT must remain connected in order to be useful, so they're always exposed to hackers. Many lack even the most basic on-device interface; they are designed to be lightweight to minimize processor usage and maximize battery life, so installing agents is challenging.
Many devices can also be picked up and moved, so physically securing them is a nightmare. And with the rapid evolution of processors, batteries, and new usages for devices, there is little consistency in what is running under the hood.
As discrete network boundaries continue to dissolve, the web of connected things will continue to grow and be increasingly vulnerable. These always connected, diverse, and limited-function devices will need a bold and visionary security solution that does not require human interaction.
Like the devices themselves, it will need to be portable, efficient, and automated. This solution will ultimately be borne from tight integration of embedded technologies with artificial intelligence (AI).
As a security consultant, I look forward to letting AI do the work - it's the only way we can protect this plethora of “things” that already outnumber the human population.