October 5, 2016 By James Murphy 3 min read

When you huddle around the coffee machine at work or flip on your smart kettle at home, do you consider the security of the Internet of Things (IoT) devices you are using?

If you’re like most, IoT security is probably the last thing on your mind. Today it is more and more likely that these caffeine dispensers are part of the IoT. But who is responsible for securing these devices? How could a breach threaten an organization or individual?

A New Frontier for Security

IoT security is becoming an important issue for consumers and enterprises as the volume of smart, connected devices increases. Security analysts have already seen cybercriminals exploit vulnerabilities in IoT devices ranging from coffee machines to car alarms.

Security leaders face many challenges related to IoT security. Discussions tend to focus on technologies, products and solutions. There are other important factors to consider, however, such as experience, knowledge sharing and business networks. IoT is not a new concept, but it is gathering more traction as the number of connected devices rises dramatically. Still, the risks related to these devices are not yet well understood.

Theses challenges are not at all unique. There is a lot to be learned, in fact, from existing security services and technologies, such as endpoint protection. As enterprises expand into the IoT domain, many will choose to adopt secure IoT platforms.

IoT Security in Numbers

The IoT Security Foundation (IoTSF) is a nonprofit organization dedicated to driving security excellence. The group includes over 65 member companies ranging from research institutes and universities to IoT startups and global corporations. IBM is one of those members, investing to infuse security knowledge and build a community around IoT security. IBM also participated in the development of an IoT security framework for industrial use as part of the Industrial Internet Consortium.

IoTSF members defined the scope and focus of working groups to shape the agenda and recommendations around IoT security. Industries and companies within the IoTSF actively collaborate to establish and uphold security principles. Membership and participation in the IoTSF enables organizations to become thought leaders in the IoT security space. It echoes values of openness, community, collaboration and standards to better serve enterprises adopting and developing IoT solutions.

Five Working Groups

IoTSF has an evolving agenda. The group is working on developing security strategies for consumer devices and solutions, which is the most valuable product segment in the IoT market. As such, the IoTSF defined five working groups built around that segment of IoT marketplace opportunities.

A recent plenary session focused on updating the five working groups and organizing the IoTSF Conference in December 2016. The five working groups are defined as follows, according to the IoTSF website:

  1. Self-Certification Scheme;
  2. Connected Consumer Products;
  3. Security Patching and Updating of Constrained Products;
  4. Framework for Disclosure; and
  5. IoT Security Landscape.

The working groups interlock to ensure that their missions are not carried out in silos. This also allows the teams to collaborate to reuse and interweave efforts. They strive to ensure that the strategies developed are useful, accessible and easy to adopt. Many of these artifacts are intended for public release ahead of the IoTSF Conference.

IoTSF Conference 2016

Following the success of last year’s conference, the main theme this year is convergence and holistic security. The IoTSF intends to promote the supply chain of trust and a duty of care for customers. In addition, the conference will highlight the fact that while information security is not new, the IoT is an uncharted frontier.

IoTSF held its inaugural conference on Dec. 1, 2015, at the Royal Society in London. Approximately 200 professionals gathered from across the globe, including representatives from government agencies, automotive manufacturers, defense contractors, buildings consultants, platform providers, IT services, telecommunication companies and venture capitalists. The conference offered case studies of cybercriminals compromising connected cars, wearables and medical devices. It examined the threats to companies and consumers, and asked participants to consider how to better defend against those threats.

Last year’s event included a presentation by one of IBM’s IoT security engineers. IoTSF is looking to build on the popularity of that event by incorporating the outputs of its working groups and offering tracks for both mid- and senior-level managers. There are also more technical details for practitioners.

As more devices come online, enterprises need to address the security implications. Consider what an IT professional could learn and share about IoT security by working with like-minded people.

More from Endpoint

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today