Preventing idIOTic Security Breaches
The Internet of Things (IoT) is fantastic isn't it?
Well, it is and it isn't. It certainly gives us all sorts of interesting capabilities. On the other hand to hackers, thieves, and assorted bad people, the security on most of our IoT products looks a lot like the gate on the picture to the left.
For the life of me I cannot figure out what the attraction is of having a juicer connected to the web but, live and let live, right? So now we live in a world that where the things that surround us are all linked and networked and online.
And it can all be very useful, can it not? Having your car talk to your home's thermostat and turn on the heat just in time for your arrival can be fantastic. I get that. Or have you front door's lock notify you when your kid gets home—that sounds like a great thing to have.
IoT is also an open invitation for the bad guys to make themselves at home. Come right in, help yourself, it's not like we'd like to keep things around here secure.
The way security is designed for a lot of IoT products is frankly idIOTic.
Here's the problem with all of these nice things. To say that cyber-security is complex is an understatement. It takes dedication and experience to keep up with the latest advances in security and that's where the problem lies. How many of the people that make actual physical things do you think are also experts in security? Some, for sure, but most of people building great new gizmos want to build the gizmos themselves, right?
I don't want to say that cyber-security is an afterthought but it is certainly not front and center. It's something you add onto whatever it is that you're making after you've made it. The people making things are not—as a rule—also security experts. So after they've built that fantastic juicer they go looking for whatever locks and fences they need to add to it to make it "secure". In this way security ends up being forced onto an existing product. Quite possibly not the best way to do things.
If you've read anything else I've written, you will have noticed that my favorite flavor of innovation is customer intimacy. That is the blessed state in which the innovators understand the needs of their public so well that they can anticipate those needs.
They've made it their business to know the security needs of IoT producers better than the companies making the juicers and the cars and so on. Not only that but in a truly inspired move they provide all of this knowledge as a platform. That way developers don't need to take a deep dive into the mysteries of cyber-security. All they need to know is what boxes to check on a friendly menu et voila, IoT security built-in from day one.
If this were an innovation meal we'd be served a large portion of customer intimacy with a healthy seasoning of operational excellence.
Innovation comes in many forms and some of the most exciting innovations are invisible. You'll probably won't notice that your car wasn't hacked, or that data thieves couldn't use a connected medical machine to steal your personal data from a hospital, and that is as should be. It's also what we need in order to take IoT from a buzzword to a development we can truly trust and use.