The Importance of Security by Design for IoT Devices
We’re on the verge of an explosion of IoT-related products and services. We all know that the Internet of Things or IoT has started to disrupt consumers, enterprises and governments and is paving the way of an analytical revolution. From connected homes and self-driving cars, from smart toasters to smart buildings, soon, we will all be able to connect to any device and control every aspect of life.
According to American research and advisory firm Gartner, there will be 25 billion Internet-connected things by 2020, and close to $2 trillion of economic benefit globally. That’s a lot of IoT devices and the biggest question is, can tech companies secure all these objects from threats?
As we slowly see IoT becoming mainstream, with companies like Google, Cisco, IBM, Intel, and others leading the revolution, IoT will soon change the way we live, work, travel, and more.
And while this IoT explosion will offer a wide range of opportunities for manufacturer and consumers, it also poses major risks in terms of security. As more devices get interconnected, securing them all will be the biggest challenge. Hardware, software and connectivity will all need to be secure for IoT objects to work effectively. Without security, any connected object, from refrigerators to manufacturing bots, can be hacked. Once hackers gain control, they can usurp the object’s functionality and steal the user’s digital data.
So how does one protect IoT devices?…The answer is Security By Design.
Security by design is an approach to software and hardware development where security is built in from the beginning, and not as a late addition after a hacking incident. The need for security by design has become crucial as tech companies continue to churn out a myriad of IoT objects for consumers and enterprises. These Internet of Things devices, since they’re all connected to the Internet, are vulnerable to remote hacking. Also, most of these objects were designed with no security built into their system, making them easy targets for security breaches.
In her 2015 CES speech about Security and Policy, Edith Ramirez, former Chairwoman of the Federal Trade Commission, shared three steps that companies should take to enhance consumer privacy and security and thereby build consumer trust in IoT devices:
- Adopt security by design
This mean every Internet of Things design should start with security. Giant tech firms as well as startups should incorporate security into the initial design process.
- Engage in data minimization
To avoid security breaches, IoT manufacturers should employ different approaches to protect the device from being accessed by anyone through the Internet.
- Increase transparency and provide consumers with notice and choice for unexpected data uses
IoT manufacturers should provide consumers with notice about how their data is used and shared, and then offer tools that will allow consumers to turn off certain types of information collection and sharing. They should also educate consumers about security so users can avoid making risky behaviors while using their IoT device.
This article was written by Roland Atoui, Managing Director & Founder of Red Alert Labs, expert in Information Security and Certification with more than 10 years of experience in the industry. From smart cards to smart phones to smart manufacturing, Roland is a new technology enthusiast with a current mission to bring trust to the Internet of Things. Originally the article was published here.