Industry View: How Will We Secure the Internet of Devices?

By Adrian Turner, CEO, Mocana

The rate at which mobile devices are proliferating is staggering. In fact, there are predictions that the number of devices on the Internet could reach far into the billions in the next three years. According to a recent white paper by Harbor Research, there are approximately 2.8 billion mobile phones in use today, with 1.6 million new ones added daily. Whether you call this phenomenon "the network of devices" or the "Internet of things," the underlying message is the same. Connectivity now encompasses everything from TVs and cell phones to cars, medical devices, networking equipment, industrial sensors, aircraft and everything in between. Sounds good, right? Not necessarily.  

Swift consumer adoption is driving mobile market growth but it is also creating increased complexity and security risks.  The Internet is tremendously more complex due to the number and diversity of devices connected to it and the expansion of communication (voice, video and data) that traverse it. Security is a big concern in our new connected society, but who’s responsible and accountable for a security breach? Is it the consumer who inadvertently downloaded a virus? Is it the device manufacturer who didn’t design security software correctly from the start? Or, is it the fault of the service provider or carrier whose network the data moved across? 

Unfortunately, when it comes to security, the industry has not outlined a proven "best practices" approach. Typically, security design decisions are made on an ad-hoc basis and different approaches are used for different products. 

Device manufacturers have the most responsibility and control when it comes to device security and perhaps, the most at risk.  Devices or PCs connected to the network can be exposed to viruses that infiltrate a machine without the user even knowing it. Additionally, if security is not employed efficiently on a device, battery life and performance of the device also suffer. Even if the device is connected via branded services, the consumer only sees that his/her device isn’t working and assumes that it is the fault of the device manufacturer. Support calls increase, device manufacturers get stuck with the blame, and devices get shipped back for trouble shooting.

The problem is that many device manufacturers have an incomplete security approach or refuse to acknowledge that it is their issue to address at all. Designing and budgeting for security while in the product design cycle is viewed as inconvenient by manufacturers.  However, this stance is shortsighted when the cost of supporting a device over its useful life is taken into consideration. The irreparable damage to customer confidence and brand equity caused by devices that are compromised is unquantifiable. Additionally, even the most trivial security breach through incomplete device defenses can impact shareholder value for device manufacturers. 

A device manufacturers’ approach to security affects service providers and enterprises as well. Service providers consistently strive to deliver a first-class consumer experience and the potential for compromised devices connecting to their networks poses great risk to their business. Service providers, carriers and emerging service providers such as Yahoo and Google want to be able to offer enhanced, revenue generating services that enable people to transact, and consume valuable content and data online. If there’s a loss of confidence or trust in the device’s ability to leverage those services, people will simply stop transacting.  For enterprises, improperly secured devices pose significant risk to network data security, with huge negative implications for customers, partners, and ultimately future sales.

To address the device security challenge and maximize the potential of "the network of devices" everyone – device manufacturers, service providers and enterprises - must assume security responsibility and recognize the need to centralize and standardize how device security is dealt with on all devices, wired and wireless. We must take a more holistic security approach and apply an extensible framework that secures all aspects of device data access and communications for any connected device. Securing devices is an industry imperative - doing it the right way will pay for itself in multiples in our increasingly connected world.

Adrian Turner has more than 15 years of international business experience. Prior to founding Mocana, Turner was responsible for West Coast Business Development and Alliances for Kenamea, an enterprise communication firm specializing in reliable, secure communications. He also had P&L responsibility for developing infrastructure to support Philips Electronics’ connected consumer and business devices. Prior to that in 1996, Turner launched the world’s first network of 225 coin operated Internet kiosks in the Australian market.

# # #

New! Download the State of Cybercrime 2017 report