Building Security into IoT Products from the Ground Up

By Special Guest
Cara Sloman, EVP, Nadel Phelan, Inc.
July 05, 2017

Until the Mirai botnet hit, most businesses didn’t think about whether their printers were securely connected. But business cybersecurity risks associated with the IoT are real and significant. Mirai proved that by hijacking hundreds of thousands of IoT devices to shut down hundreds of the world’s websites.

If more work isn’t done quickly, the Mirai attack will be the first in a string of successful and damaging IoT-based attacks. The rapid and wide-scale adoption of connected sensors and IoT devices in manufacturing, healthcare, transportation and utility settings means that a broad swath of the globe’s critical infrastructure is increasingly vulnerable to these attacks.

As the network and its connections change rapidly, organizations are often left feeling confused and uncertain as to the extent they are affected by IoT security issues. As a result, many are holding off on implementing connected technologies. Forrester predicts that security concerns will stunt the growth of IoT adoption in 2017.

However, the IoT and its legitimate risks must be addressed in order for organizations to move forward. The IoT has the potential to deliver significant business benefits to your customers. Helping them choose and deploy a secure IoT solution lets them gain valuable new business insights and efficiencies while protecting their data and infrastructure assets.

Cybersecurity from the start
Security is too important to be an afterthought. No one wants to cobble together an aftermarket fix, and having to do so would not reflect well on your brand. While it is (relatively) easy to design and ship an IP camera, for example, the ease at which one can be hacked from factory settings makes installing one an unacceptable risk factor to the network – and your customer’s business.

IoT security-related issues are on the radar of regulators. In January, the US Federal Trade Commission (FTC) filed a complaint against router giant D-Link, charging that the company had deceived users on the security of its products and failed to take steps to secure those products appropriately. This case has become a bellwether because the complaint was brought in response to the vulnerabilities themselves, not because of a breach exploiting those vulnerabilities. This is a sign that regulators are taking a more aggressive stance in demanding that connected device manufacturers take clear and sufficient steps to secure their products.

Four tips to help get you started
Give your customers confidence in your products by observing these initial steps:

Use unique device credentials: Rather than making the mistake that so many others have and ship connected devices with factory settings, give each device a unique password. Print the password on a sticker that’s included on the device itself. This significantly reduces the chances of compromise.

Find and upskill the right people: “IoT” can mean many different things. A job ad asking for an IoT professional may attract 10 people with 10 different backgrounds. Think instead about what your company does with connected devices, and the specific skills it needs to design, manage and deploy those applications, systems and devices securely. Looking for and training people with IoT certifications is a way to validate those skills.

Consider using open source carefully: Open source IoT software is an attractive option for IoT startups looking to get product to market quickly because it’s easy, cheap and flexible. Yet security flaws can be exploited rapidly, and patches are often slow in coming. IT teams therefore should be aware of the risks in using technologies that are based on open source code.

WiFi is not the only option: While it’s true that WiFi is good for quick and dirty deployments, for wide-scale installations in specialized vertical network environments, like manufacturing or healthcare, consider using one of the many specialized communications protocols that are available to your engineers. Do all functions need to be performed on the device or can some be punted back to the network? Minimizing the need for the device to perform all functions and be connected to all traffic all the time can also reduce its threat exposure.

The big picture
The IoT is a two-edged sword that must be handled carefully. The risks are real and substantial, but so are the benefits and opportunities. Customers are already wary of these risks and don’t need any more reasons to not buy your products. By creating trustworthy products that are secure right out of the box, your customers can confidently move forward to achieve their goals. This positions you well for repeat business.

About the Author: Sloman has helped shape Nadel Phelan's brand, services and reputation. Responsible for client strategy, while building and managing solid account teams that deliver results, she has worked with market leaders to set industry agenda, establish thought leadership, build new categories, launch companies and navigate PR obstacles.

Related Articles

Kerlink and Radio Bridge Offer LoRaWAN Solution for Private IoT Networks

By: Ken Briodagh    9/16/2020

Kerlink and Radio Bridge reportedly are integrating their technologies to offer enterprise customers a single solution for designing, deploying, provi…

Read More

Brave New World: Connected Field Service Technologies Fusion Leveraging IoT

By: Arti Loftus    9/16/2020

Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact (TEI) study and examine the potential return on investment (ROI) enterp…

Read More

MultiTech Receives 2020 IoT Evolution Product of the Year Award

By: Chrissie Cluney    9/14/2020

The MultiTech MultiConnect microCell LTE USB Cellular Modem (MTCM2 Series has received the 2020 IoT Evolution Product of the Year Award from IoT Evolu…

Read More

New Survey Shows that Business is Committed to LTE for WAN

By: Ken Briodagh    9/8/2020

New report indicates that 78 percent of companies now use or plan to use LTE for WAN or internet connectivity and 82 percent believe 5G will deliver i…

Read More

Verizon Completes Fully Virtualized 5G Data Session in the World

By: Ken Briodagh    9/8/2020

Verizon says it is the first in the world to successfully complete an end-to-end (from the core of the network to the far edge) virtualized 5G data se…

Read More