Some experts see the Internet of Things (IoT), or the Internet of Everything, as the next industrial revolution, in which a new category of devices will start communicating with each other with little or no human intervention. But how does data protection fit into the picture?

In the IoT, multiple sensors, tiny computer chips and communications devices will be integrated with physical objects such as appliances to enable communication between them and other computing devices such as cloud servers, computers, laptops and smartphones.

The IoT offers enterprises and businesses tangible benefits. For instance, through the IoT, information analysis will be available in real time. People and companies alike will be able to make more accurate decisions, reducing operational costs and increasing efficiency with real-time analysis. The IoT also offers more control and automation. Having sensors and smart devices will allow corporations to program the execution of automated and repetitive tasks by defining multiple scenarios with their corresponding responses.

Data Protection and the IoT

The estimated growth of this new trend in the market is expected to hit between 26 billion and 30 billion devices by 2020, with an estimated market worth of between $6 trillion and $9 trillion.

To put this in context, the following are some interesting implications (including ones concerning data protection) that relate to the explosion of these interconnected devices:

  • These devices will constantly generate huge amounts of data, so we will need faster networks, larger storage capabilities (likely in the cloud) and more bandwidth to support the growth in Internet traffic.
  • There is not yet an open ecosystem to host these devices to make them interoperable like there is on Microsoft Windows, Apple iOS and Google Android ecosystems.
  • Vendors are creating private networks for interoperability among their own products, but these are incompatible with others. This creates a major challenge for integration across multiple solutions.
  • The current Internet protocol (IPv4) cannot handle the growth in the number of interconnected devices on the Internet. This will trigger the need to switch to a more scalable protocol, such as IPv6.

Security and the IoT

With this in mind, you may be concerned about how to deal with security in the IoT. The following are several security challenges that will need to be faced as the IoT gains steam:

  • If we already have trouble today keeping our computers, smartphones and tablets updated with the latest version of code, won’t it be a nightmare trying to keep these millions of devices updated and free of security bugs?
  • With the amount of data these devices will generate, how do we navigate the sea of data to identify suspicious traffic over the network? What if we miss incidents because we are unable to identify them?
  • Proprietary and enclosed implementations such as those that vendors are creating today make it harder to find hidden or unknown zero-day attacks.
  • Even though IPv6 has been present for some time, this protocol has not yet been fully perfected. As with everything that is new, we have to handle new and unknown weaknesses. That being said, the way we apply security controls over IPv4 may not be useful or relevant for protecting IPv6.

Watch the on-demand webinar with Arxan and Forrester to learn more about securing the IoT

Solutions

There is no simple answer to address these challenges and manage the security of these interconnected devices. However, the following are some actions we must take to overcome these adversities:

  • We must have a truly open ecosystem with standardized application programming interfaces that enables interoperability with a reliable and automatic patching system.
  • Devices must be hardened with the best practices in the market to protect against common security exploits.
  • Devices must be well-protected on the connected networks (intranet and Internet).

This technology is still in its infancy, and we will have to wait a while before it gets to a more mature state that is driven by the whole industry. What can we do in the meantime? Look into existing proprietary ecosystems and analyze which ones have the features that best fit your business needs. These include their scalability and the ability to isolate these small and elusive devices on a separate network (using virtual local area networks) protected by firewalls or at least with screening routers.

More from Intelligence & Analytics

New report shows ongoing gender pay gap in cybersecurity

3 min read - The gender gap in cybersecurity isn’t a new issue. The lack of women in cybersecurity and IT has been making headlines for years — even decades. While progress has been made, there is still significant work to do, especially regarding salary.The recent  ISC2 Cybersecurity Workforce Study highlighted numerous cybersecurity issues regarding women in the field. In fact, only 17% of the 14,865 respondents to the survey were women.Pay gap between men and womenOne of the most concerning disparities revealed by…

Protecting your data and environment from unknown external risks

3 min read - Cybersecurity professionals always keep their eye out for trends and patterns to stay one step ahead of cyber criminals. The IBM X-Force does the same when working with customers. Over the past few years, clients have often asked the team about threats outside their internal environment, such as data leakage, brand impersonation, stolen credentials and phishing sites. To help customers overcome these often unknown and unexpected risks that are often outside of their control, the team created Cyber Exposure Insights…

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today