Industry View: How Will We Secure the Internet of Devices?
The number of devices on the Internet could reach far into the billions in the next three years. From mobile phones to industrial sensors and medical devices - where will security fit in?
By Adrian Turner, CEO, Mocana
October 24, 2007 — CSO
The rate at which mobile devices are proliferating is staggering. In fact, there are predictions that the number of devices on the Internet could reach far into the billions in the next three years. According to a recent white paper by Harbor Research, there are approximately 2.8 billion mobile phones in use today, with 1.6 million new ones added daily. Whether you call this phenomenon "the network of devices" or the "Internet of things," the underlying message is the same. Connectivity now encompasses everything from TVs and cell phones to cars, medical devices, networking equipment, industrial sensors, aircraft and everything in between. Sounds good, right? Not necessarily.
Swift consumer adoption is driving mobile market growth, but it is also creating increased complexity and security risks. The Internet is tremendously more complex due to the number and diversity of devices connected to it and the expansion of the communications (voice, video and data) that traverse it. Security is a big concern in our new connected society, but who’s responsible and accountable for a security breach? Is it the consumer who inadvertently downloaded a virus? Is it the device manufacturer who didn’t design security software correctly from the start? Or is it the fault of the service provider or carrier whose network the data moved across?
Unfortunately, when it comes to security, the industry has not outlined a proven "best practices" approach. Typically, security design decisions are made on an ad hoc basis, and different approaches are used for different products.
Device manufacturers have the most responsibility and control when it comes to device security and are, perhaps, the most at risk. Devices or PCs connected to the network can be exposed to viruses that infiltrate a machine without the user even knowing it. Additionally, if security is not employed efficiently on a device, battery life and performance of the device also suffer. Even if the device is connected via branded services, the consumer only sees that his/her device isn’t working and assumes that it is the fault of the device manufacturer. Support calls increase, device manufacturers get stuck with the blame, and devices get shipped back for troubleshooting.
The problem is that many device manufacturers have an incomplete security approach or refuse to acknowledge that it is their issue to address at all. Manufacturers view designing and budgeting for security during the product design cycle as inconvenient. However, this stance is shortsighted when the cost of supporting a device over its useful life is taken into consideration. The irreparable damage to customer confidence and brand equity caused by devices that are compromised is unquantifiable. Additionally, even the most trivial security breach through incomplete device defenses can impact shareholder value for device manufacturers.