It’s no secret that security is one of the most talked about issues surrounding the viability of the Internet of Things to actually impact daily life. Google, which just announced its latest IoT operating system called Brillo, has finally realized that in order to make the smart home a reality, devices must be able to talk to each other. In turn, Google, in addition to the majority of IoT vendors, will need to specifically address the issue of security as more intelligent devices become available.
While most in the industry claim to be making security a priority, the truth is that in order to keep up with the speed of innovation in both device and platform ecosystems, some considerations tend to fall to the wayside. To date, security concerns have mostly focused around issues such as identify theft and fraudulent transactions. In order to make the connected home a reality, the industry will need to consider both the physical and less discussed digital aspects of security concerns.
Security Challenges Facing the Connected Home
The complex nature of IoT is central to the challenge of securing devices. In a typical smart home solution, major considerations include both data at rest (on devices or on a central hub) and in transit (between devices or the cloud). On top of that, IoT and connected home devices are often from different manufacturers with the ability to act on both local and external networks. Here are some possible solutions the industry should look towards:
- Securing & using a gateway/hub model—This method means only one device acts as the gateway to an external network. Local devices are secure as they are not connecting externally, and can’t be directly accessed from outside the home. This scenario allows the central device to collect data, perform basic analytics and implement simple logic functions that allow for rapid device response at the origin of the event (e.g. IF door opens THEN turn on light AND start cloud recording). A centralized, local model also facilitates best practices regarding data retention and sharing policies as the data uploaded to the cloud is configurable and kept to a minimum.
- Securing the device and restrict access—This channels a ‘security by design’ mentality to build security into the device at the outset. To do this, there must be support for encryption to secure communication with the device and authentication for access control to validate identity and to determine permissible interactions.
- Securing transmissions and communication from hub to cloud— This method relies on encrypting data and then transmitting over a secure channel. Active measures such as real time monitoring and network vulnerability testing can be employed, which will help proactively detect suspicious behavior and potential security weak-spots.
It’s also worthwhile to note how important it is to improve security by helping to reduce human error. For example, app software and web interfaces need to be designed with enhanced security in mind. Default scenarios need to be used during initial setup of devices and randomized passwords should be a minimum standard, as opposed to open factory presets. The ability to remotely patch security loopholes is similarly essential, as there is always potential for new vulnerabilities to be exposed. At the end of the day, however, the question becomes: who is responsible for making sure this happens?
Who Is Responsible For Securing The Connected Home?
As the connected home is still not yet a widely adopted concept, in its current state it is particularly vulnerable to issues that could erode public trust. The question of responsibility quickly becomes of utmost importance and ultimately each part of the IoT chain must work together to leverage robust security solutions.
Telecom companies in particular have the power to influence adoption of security standards in a way that would allow greater transparency and easier integration for everyone else in the IoT chain. The telecoms already have public trust, which is going to be critical for mass smart home adoption, as well as the necessary security and infrastructure experience. To this end, it’s vital that players in the space educate end users and consumers in order to increase overall understanding of the need for security across home device and mobile usage.
For service providers, the more they are able to pair with reputable security experts to ensure they are meeting the appropriate standards, the more consumers can benefit without sacrificing their physical or cyber security. This is especially important for startups that might not have the in-house security experience needed at their outset.
Looking Ahead
Over the next year or two, we can expect to see more companies embracing the potential of the connected home and finding ways to valuably commit to becoming a part of it. As widespread standards begin to emerge, and the landscape in general begins to settle down, we can expect a welcome shift away from issues of infrastructure towards the analytics and how we can best use the IoT and the data it generates to our advantage whether that be at the consumer, city or global level.
Daniel Collins is the chief data officer at ThroughTek, an Internet of Things solutions provider. With its Kalay platform, ThroughTek offers complete enterprise and consumer solutions based on IoT cloud utilization
Edited by
Ken Briodagh
