By Colin Grealish, Product Director at Alcatel-Lucent
Connected devices within the Internet of Things are much different to our smart phones, tablet and computers. They are vast in number, often unmanned and often required to survive long lifespans, which need repeated software and hardware upgrades. Many of these devices will be assembled using different components and have different owners over time. Plus, cellular operators are creating separate IoT networks that present unique characteristics and tariff plans. This has created a new host of security threats that, when combined with the expected scale of the IoT can render devices costly and difficult to manage if not properly addressed as part of each device rollout.
What Makes Security Challenges of IoT Different
In some instances, the challenges of managing mobile phones and personal computers are similar to those of IoT. Both technologies, for example, can experiences compromises of firmware. What is different, however, is the scale of the issue. With 4.9 billion devices expected to connect by the end of 2015, it is anticipated to see 25 billion connections by 2020. (Gartner, 2015) With such exponential growth, a breach in security of an IoT device can have consequences that stretch far beyond technologies and geographic borders.
More Security Challenges:
Separation of Owner and User
The separation between owner and users is another factor that may obstruct device security. As in the example of intelligent road signage, users very often are not the owners of the device, and as such, may not be aware the device is experiencing an issue.
Location is another factor in securing IoT devices. This is particularly true if the device is mobile, but even fixed devices can be located in environments that are not optimal from a security perspective.
IoT devices now have long life spans. In part, this is due to the fact that they are integrated within equipment with long life spans. Cars are typically on the road for 10 years as are shipping containers, and utility metering equipment are not replaced for 20 or more years. These extended timelines increases the vulnerability of devices.
How IoT Devices are Built
Another key difference of IoT devices is how they are built. IoT devices, particularly as they emerge, are often built with different components or modules and may not be subject to the same security analysis as a manufactured device like a mobile phone.
The differences in IoT are leading to a new host of security threats. The extended longevity of devices will present new threats over time. This will be further compounded by the ownership and network operator changes that can take place during this time. Further, the longer the device is used, the more likely its components can be damaged or break altogether. All of this can make the device less secure and more vulnerable to security challenges.
Using a distinctly independent Lightweight M2M Device Management client secures the software and hardware on the device in a cost effective way that can be scaled to large populations of devices. In doing so, the devices are monitored, controlled and, in cases of a breach, effectively remedied in accordance with the security policy of the authority.
To read about this topic in depth, read the download the white paper Using Light Device Management to Secure Endpoints in the Internet of Things