Securing Connected Devices: Considerations for Make or Buy
02/02/2016 Terry Gaul
The new challenges presented by connected devices are causing developers to go back to basics and even rethink the term security and what it means in the IoT.
Security and the IoT are terms becoming intrinsically linked in the grand discussion of connected devices and their envisioned applications in virtually every aspect of our ecosystem, whether it be consumer wearables, medical devices, or industrial systems.
Ted Harrington, Executive Partner, Independent Security Evaluators, made this comment recently in IoT World News: "IoT is very much a double-edged sword. After all, the more companies collect and store data – the more reason hackers have to target them. And the more objects we connect – the more openings we create for technological infiltration."
Harrington went on to note that he believed that security is not a development priority in the IoT industry today. "If you consider the types of security vulnerabilities that plague this industry, it clearly demonstrates the security is not built in. If secure design principles were better integrated into product design, many of the fundamental flaws would disappear," he added.
This sentiment hasn’t been lost on connected device developers, and it is the main reason why many organizations like the Industrial Internet Consortium are collaborating with industry leaders to develop security guidelines and best practices for IoT manufacturers. For some developers, the new challenges presented by connected devices are causing them to go back to basics and even rethink the term security and what it means in the IoT.
For example, Colin Walls, an embedded software technologist with Mentor Graphics, said in an article in New Electronics: "I’m worried about use of the term ‘security’, because it can mean one of several things; all of which are important. For example, it can mean protecting data you’re transmitting that you don’t want people to see. It can also mean preventing people from getting into systems. Then there’s making systems safe. Safety and security are not the same thing; safety is protecting the world, while security is vice versa."
The new generation of embedded system developers is essentially in the same predicament that ISVs of traditional PC applications found themselves in years ago. Do they invest in acquiring the expertise in new technologies required to secure and protect connected devices, or collaborate with outside security experts to help them build in security by design? This is the classic Make or Buy dilemma. It’s a major consideration and not an easy decision to make. Let’s take a look at some of the factors involved in securing IoT devices:
Integration in devices and software
End-to-end turnkey protection and licensing from product planning, development, operations and maintenance