Requirements for the New Era of IoT Security


By 2025, the Internet of Things (IoT) is expected to span more than 20 billion connected devices, generate nearly 80 zettabytes of data (i.e., 80 billion terabytes) and have a global economic impact of $4 to $11 trillion. The scale of IoT is unprecedented—and so is the opportunity for cybercriminals to hack, compromise, and control those devices. Distributed denial-of-service (DDoS) attacks, data breaches, man-in-the-middle attacks, and malware injections are just some of the cyber threats that connected devices will face daily. With this in mind, businesses might reasonably expect that standards and safeguards have already been drawn to protect these devices. And they would be wrong. The truth is that many existing and popular security solutions fail to address IoT security adequately.

Two realities have hindered the development of IoT security solutions: most IoT devices are small, and most security solutions are considerable. Many IoT devices are as small as a microsensor, capable of housing the smallest of processor chips and little else. The majority of security solutions are designed for data centers; they’re big, expensive, and include a lot of hardware and software.

You simply can’t fit an enterprise security solution on a small device.

What is needed are solutions that combine silicon-based root of trust to secure the device and data generated by that device with cloud-based security services that secure data-in-motion as it crosses the network. Comprehensive end-to-end security solutions need to be:

  • Embedded, full-stack security on an integrated circuit (IC)
  • A silicon-based root of trust for device authentication
  • Secure peer-to-peer connectivity
  • Secure remote lifecycle management
  • Traffic control featuring clustering and firewall technologies
  • Predictive data analytics and content inspection

IoT Security for the Real World

IoT security is different by design. Of course, it needs to protect against threats from malicious actors. However, it also needs to address unique challenges that other security solutions aren’t designed to do. These challenges raise important questions, such as:

  • How do we establish end-to-end security across a world of connected devices?
  • How do we combine security with the low-latency requirements of real-time
  • IoT applications?
  • How do we ensure the resiliency of IoT devices to support mission-critical applications?
  • How do we protect data privacy in IoT communications?

These challenges are highlighted in the early use cases for IoT, many of which will need to leverage next-generation technologies such as 5G, artificial intelligence and multi-access edge computing.

IoT in HealthCare

As 5G networks expand and evolve, the healthcare industry expects to see more connected devices in the market, from pacemakers to blood pressure monitors. While targeting a medical device may seem beyond the pale, the FDA has already had to recall nearly 500,000 pacemakers because of security flaws that could have allowed hackers to control those devices.  To protect connected healthcare devices and the data they transmit, 5G service providers and healthcare providers need to ensure secure connectivity and high reliability across various networks, protocols, and endpoints. IoT is expected to transform the healthcare industry. For that to happen, security solutions must mitigate risk by 

  • Offering ultra-low latency at a low cost of deployment while satisfying strict privacy compliance requirements 
  • Having device authentication and credential management that assures a secure connection
  • Maintaining connectivity of healthcare devices as they traverse different  networks

IoT in Automotive and Transportation

One of the most exciting IoT applications involves connected cars and autonomous vehicles. These applications will require real-time responses to make split-second decisions that can save lives. Adding a few milliseconds of latency in a connected car because of backhauling data to a secure data center may translate into the critical inches that can cause or avoid an accident. Security embedded in sensors combined with a distributed cloud-based model eliminates latency by placing security processing closer to the endpoint.

IoT in Smart Cities

Telecommunications operators have historically built and managed some of the most reliable networks in the world. But securing real-time communications takes on added significance when those communications control a city’s traffic system or a utility’s energy grid. Whether or not smart cities become the cities of the future will depend primarily on whether communications providers and device manufacturers can deliver the necessary levels of availability, reliability, and security.  

Solutions that can support the smart cities of tomorrow with the security they need today require:  

  • Resistance to cyberattacks, including data theft and DDoS attacks  
  • Automated security updates and software patches  
  • End-to-end encryption for data-in-motion such as parking meter payments    and surveillance video cameras  
  • A hardware-based root of trust that can detect if smart city equipment has been tampered with or otherwise physical compromised

IoT in the Home

When Ring (Amazon’s smart security offshoot) announced its home-based security drone, Luna, pundits quickly pounced on the privacy issues of having a security drone filming inside your home. Luna’s potential for privacy invasion underscores the fact that consumers will heavily scrutinize all home-based IoT devices for security. 

To protect home-based devices and their owners’ privacy from attacks, security solutions need to:   

  • Secure IoT device communications from end to end
  • Authenticate the identities of devices and machine-based endpoints
  • Ensure that stored device data is protected
  • Update security policies to meet changing privacy requirements

IoT security must be powerful enough to protect global enterprises and carrier networks, yet light enough to be embedded on an IC.  Only approaches that utilize a silicon/cloud solution can leverage the cloud and mobile edge computing to deliver a security stack on small devices, reducing the cost and complexity of security while increasing speed and performance.

Sami Nassar serves as Executive Vice President and Chief Strategy Officer at Privafy. He is a widely recognized digital security pioneer with multiple patent awards and more than 25 years of technology leadership experience. Sami is hyper-focused on driving digital transformation in cybersecurity, data privacy, and edge computing solutions.

Edited by Maurice Nagle

Related Articles

The State of IoT-Enabled Customer Experiences: Genesys Report Affirms Opportunities Though Progress is Slow

By: Arti Loftus    10/20/2021

Four years following on the publication of the original "State of Customer Experience" in 2017, Genesys this week released an updated report, which ex…

Read More

Next Level Connectivity at Retail is Contextual, Personalized and Entertaining With Digital Shopping Carts

By: Arti Loftus    10/7/2021

Today, with the adoption of IoT, the retail industry has become more customer-centric, and the primary aim is to enhance the customer experience to it…

Read More

Education for All Requires Broadband for All: Best and Highest Purpose for the Infrastructure Bill?

By: Matthew Vulpis    10/7/2021

Today's classrooms are digital classrooms first, whether in place or extended through e-learning platforms and are being fed by information and conten…

Read More

Small Is The New Big: Faster, Smarter Connectivity and Compute at the Edge

By: Matthew Vulpis    10/7/2021

In recent years, we've seen a drastic increase in smart technology aimed at making our lives easier. These innovations focus on improving our physical…

Read More

Microdrones Announce Presentation to Introduce Drone That Can Collect Longer Range Data for Industries

By: Arti Loftus    10/6/2021

Drones are becoming commonplace as more industries begin to understand the value that they can drive. Not only can they save companies money but drone…

Read More