By 2025, the Internet of Things (IoT) is expected to span more than 20 billion connected devices, generate nearly 80 zettabytes of data (i.e., 80 billion terabytes) and have a global economic impact of $4 to $11 trillion. The scale of IoT is unprecedented—and so is the opportunity for cybercriminals to hack, compromise, and control those devices. Distributed denial-of-service (DDoS) attacks, data breaches, man-in-the-middle attacks, and malware injections are just some of the cyber threats that connected devices will face daily. With this in mind, businesses might reasonably expect that standards and safeguards have already been drawn to protect these devices. And they would be wrong. The truth is that many existing and popular security solutions fail to address IoT security adequately.
Two realities have hindered the development of IoT security solutions: most IoT devices are small, and most security solutions are considerable. Many IoT devices are as small as a microsensor, capable of housing the smallest of processor chips and little else. The majority of security solutions are designed for data centers; they’re big, expensive, and include a lot of hardware and software.
You simply can’t fit an enterprise security solution on a small device.
What is needed are solutions that combine silicon-based root of trust to secure the device and data generated by that device with cloud-based security services that secure data-in-motion as it crosses the network. Comprehensive end-to-end security solutions need to be:
- Embedded, full-stack security on an integrated circuit (IC)
- A silicon-based root of trust for device authentication
- Secure peer-to-peer connectivity
- Secure remote lifecycle management
- Traffic control featuring clustering and firewall technologies
- Predictive data analytics and content inspection
IoT Security for the Real World
IoT security is different by design. Of course, it needs to protect against threats from malicious actors. However, it also needs to address unique challenges that other security solutions aren’t designed to do. These challenges raise important questions, such as:
- How do we establish end-to-end security across a world of connected devices?
- How do we combine security with the low-latency requirements of real-time
- IoT applications?
- How do we ensure the resiliency of IoT devices to support mission-critical applications?
- How do we protect data privacy in IoT communications?
These challenges are highlighted in the early use cases for IoT, many of which will need to leverage next-generation technologies such as 5G, artificial intelligence and multi-access edge computing.
IoT in HealthCare
As 5G networks expand and evolve, the healthcare industry expects to see more connected devices in the market, from pacemakers to blood pressure monitors. While targeting a medical device may seem beyond the pale, the FDA has already had to recall nearly 500,000 pacemakers because of security flaws that could have allowed hackers to control those devices. To protect connected healthcare devices and the data they transmit, 5G service providers and healthcare providers need to ensure secure connectivity and high reliability across various networks, protocols, and endpoints. IoT is expected to transform the healthcare industry. For that to happen, security solutions must mitigate risk by
- Offering ultra-low latency at a low cost of deployment while satisfying strict privacy compliance requirements
- Having device authentication and credential management that assures a secure connection
- Maintaining connectivity of healthcare devices as they traverse different networks
IoT in Automotive and Transportation
One of the most exciting IoT applications involves connected cars and autonomous vehicles. These applications will require real-time responses to make split-second decisions that can save lives. Adding a few milliseconds of latency in a connected car because of backhauling data to a secure data center may translate into the critical inches that can cause or avoid an accident. Security embedded in sensors combined with a distributed cloud-based model eliminates latency by placing security processing closer to the endpoint.
IoT in Smart Cities
Telecommunications operators have historically built and managed some of the most reliable networks in the world. But securing real-time communications takes on added significance when those communications control a city’s traffic system or a utility’s energy grid. Whether or not smart cities become the cities of the future will depend primarily on whether communications providers and device manufacturers can deliver the necessary levels of availability, reliability, and security.
Solutions that can support the smart cities of tomorrow with the security they need today require:
- Resistance to cyberattacks, including data theft and DDoS attacks
- Automated security updates and software patches
- End-to-end encryption for data-in-motion such as parking meter payments and surveillance video cameras
- A hardware-based root of trust that can detect if smart city equipment has been tampered with or otherwise physical compromised
IoT in the Home
When Ring (Amazon’s smart security offshoot) announced its home-based security drone, Luna, pundits quickly pounced on the privacy issues of having a security drone filming inside your home. Luna’s potential for privacy invasion underscores the fact that consumers will heavily scrutinize all home-based IoT devices for security.
To protect home-based devices and their owners’ privacy from attacks, security solutions need to:
- Secure IoT device communications from end to end
- Authenticate the identities of devices and machine-based endpoints
- Ensure that stored device data is protected
- Update security policies to meet changing privacy requirements
IoT security must be powerful enough to protect global enterprises and carrier networks, yet light enough to be embedded on an IC. Only approaches that utilize a silicon/cloud solution can leverage the cloud and mobile edge computing to deliver a security stack on small devices, reducing the cost and complexity of security while increasing speed and performance.
Sami Nassar serves as Executive Vice President and Chief Strategy Officer at Privafy. He is a widely recognized digital security pioneer with multiple patent awards and more than 25 years of technology leadership experience. Sami is hyper-focused on driving digital transformation in cybersecurity, data privacy, and edge computing solutions.
Edited by
Maurice Nagle
