Some experts see the Internet of Things (IoT), or the Internet of Everything, as the next industrial revolution, in which a new category of devices will start communicating with each other with little or no human intervention. But how does data protection fit into the picture?

In the IoT, multiple sensors, tiny computer chips and communications devices will be integrated with physical objects such as appliances to enable communication between them and other computing devices such as cloud servers, computers, laptops and smartphones.

The IoT offers enterprises and businesses tangible benefits. For instance, through the IoT, information analysis will be available in real time. People and companies alike will be able to make more accurate decisions, reducing operational costs and increasing efficiency with real-time analysis. The IoT also offers more control and automation. Having sensors and smart devices will allow corporations to program the execution of automated and repetitive tasks by defining multiple scenarios with their corresponding responses.

Data Protection and the IoT

The estimated growth of this new trend in the market is expected to hit between 26 billion and 30 billion devices by 2020, with an estimated market worth of between $6 trillion and $9 trillion.

To put this in context, the following are some interesting implications (including ones concerning data protection) that relate to the explosion of these interconnected devices:

  • These devices will constantly generate huge amounts of data, so we will need faster networks, larger storage capabilities (likely in the cloud) and more bandwidth to support the growth in Internet traffic.
  • There is not yet an open ecosystem to host these devices to make them interoperable like there is on Microsoft Windows, Apple iOS and Google Android ecosystems.
  • Vendors are creating private networks for interoperability among their own products, but these are incompatible with others. This creates a major challenge for integration across multiple solutions.
  • The current Internet protocol (IPv4) cannot handle the growth in the number of interconnected devices on the Internet. This will trigger the need to switch to a more scalable protocol, such as IPv6.

Security and the IoT

With this in mind, you may be concerned about how to deal with security in the IoT. The following are several security challenges that will need to be faced as the IoT gains steam:

  • If we already have trouble today keeping our computers, smartphones and tablets updated with the latest version of code, won’t it be a nightmare trying to keep these millions of devices updated and free of security bugs?
  • With the amount of data these devices will generate, how do we navigate the sea of data to identify suspicious traffic over the network? What if we miss incidents because we are unable to identify them?
  • Proprietary and enclosed implementations such as those that vendors are creating today make it harder to find hidden or unknown zero-day attacks.
  • Even though IPv6 has been present for some time, this protocol has not yet been fully perfected. As with everything that is new, we have to handle new and unknown weaknesses. That being said, the way we apply security controls over IPv4 may not be useful or relevant for protecting IPv6.

Watch the on-demand webinar with Arxan and Forrester to learn more about securing the IoT

Solutions

There is no simple answer to address these challenges and manage the security of these interconnected devices. However, the following are some actions we must take to overcome these adversities:

  • We must have a truly open ecosystem with standardized application programming interfaces that enables interoperability with a reliable and automatic patching system.
  • Devices must be hardened with the best practices in the market to protect against common security exploits.
  • Devices must be well-protected on the connected networks (intranet and Internet).

This technology is still in its infancy, and we will have to wait a while before it gets to a more mature state that is driven by the whole industry. What can we do in the meantime? Look into existing proprietary ecosystems and analyze which ones have the features that best fit your business needs. These include their scalability and the ability to isolate these small and elusive devices on a separate network (using virtual local area networks) protected by firewalls or at least with screening routers.

More from Intelligence & Analytics

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Web injections are back on the rise: 40+ banks affected by new malware campaign

8 min read - Web injections, a favored technique employed by various banking trojans, have been a persistent threat in the realm of cyberattacks. These malicious injections enable cyber criminals to manipulate data exchanges between users and web browsers, potentially compromising sensitive information. In March 2023, security researchers at IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections. This new campaign is widespread and particularly evasive, with historical indicators of compromise (IOCs) suggesting a possible connection to DanaBot — although we…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today