
Protecting the IOT world

By Staff Writer, ITWeb
Johannesburg, 14 May 2015
Each link in the Internet of things chain needs to be protected, says Dimension Data's Samresh Ramjith.

Samresh Ramjith, chief solution and marketing officer, Dimension Data Security Solutions Middle East and Africa, discusses how the Internet of things will affect security.

Ramjith, who will present during ITWeb Security Summit 2015 between 26 May and 28 May, explains how rapidly SA is moving to an Internet of things (IOT) world, and outlines the threats this presents, in a question and answer session with ITWeb.

ITWeb: How rapidly is SA moving towards an IOT world?

Ramjith: The move to IOT is quite subtle - many of us are using IOT services on a daily basis without actually having labelled them as such. For example, fitness and activity trackers are commonplace with the health-conscious - we see many brands and services being advertised and consumed - all part of the IOT. In addition, we have connected cars, appliances, home automation services, environmental monitoring, security services - all mainstream in South Africa, and all part of the Internet of things. So, I don't think it's a question of moving towards an IOT world - more like we're already living in that world but are not consciously aware of it.

ITWeb: What does this mean in terms of the number of devices that will be connected locally, given bandwidth costs and constraints? Will we be behind the curve compared to developed countries?

Ramjith: IOT functions on a multitude of levels - at its most basic, sensor data is a tiny packet of information requiring very low bandwidth and is mainly just a data point being logged. Many consumer devices simply use a smartphone as the communication gateway, while more sophisticated IOT devices, for example real-time vehicle telemetry information, may require significantly more bandwidth, as would streaming YouTube HD videos to your car. Ultimately, the use case needs to cater for connectivity and bandwidth in order to provide a seamless, valuable user experience. Fortunately, as a country, we are very well connected via a plethora of undersea fibre cables (which is often the difficult component). What we need, however, is better, cheaper access to that connectivity. This creates an opportunity for service providers and niche players to provide enablement across vertical markets by providing access connectivity at more cost-effective rates.

ITWeb: How does this aid/hinder SA when it comes to finding security solutions for an IOT world?

Ramjith: In the IOT world, access to connectivity is a small component in the overall solution and speaks more to user experience as opposed to security. The challenge with securing an IOT environment is that many of the devices employed for sensing and actuating are not built with security in mind. For example, virtual private networks (VPNs) are commonplace in many mobile computing environments to protect the confidentiality of information in transit, but many low power IOT devices (sensors, actuators) do not have the physical computing power or memory to support VPN services. In this case, should the use case require data security at the communications layer, then these devices will not be feasible. So it's the use case that determines the security requirements, and thus the infrastructure and services needed to support the use case.

ITWeb: What are the main threats a connected world presents?

Ramjith: One of the most significant concerns that an always on, always connected world represents is the loss of personal privacy that many will experience. With a host of connected services and devices monitoring, sensing, locating and transmitting statistical and positioning information all the time, it will become nearly impossible to 'go off the grid'. Intelligent digital signage will track faces and eye movements to judge the effectiveness of the sign, but could just as easily be used to look for particular individuals or to provide very targeted advertising based on the profile of the person viewing the content. This calls into question how, for example, children's information would be handled, or how one could opt-out of such advertising. New legislation would need to be enacted determining how augmented reality devices, such as Google Glass, could be used in order to prevent or detect voyeuristic behaviour, such as the recording of confidential meetings or publishing content without authorisation.

ITWeb: How can the connected world be protected?

Ramjith: Protecting the connected world will prove to be quite a complex task, for the simple reason that there is already such a vast array of use cases across nearly every industry all using significantly different technologies to achieve results. The security approach will need to extend risk management principles to map controls (or create new ones) that are relevant and achievable for a given use case. For example, in a consumer use case of a data-logging wrist band being connected to a smartphone app before transmission to an online portal, each component of the chain will need to be individually secured. This would possibly require secure storage of the data on the smartphone app (if personally identifiable information is going to be used) which in turn would have required secure software development of the app. This app would then need to securely transmit data to the online platform which would most likely need to implement role-based access control and the usual Web security requirements in order to safely publish content. A lot of this is present day good practice, but there may be use cases we've not even considered yet, or where people's lives may be at stake (think self-flying passenger planes, self-driving cars, robotic surgery, autonomous military drones) which would require strong, comprehensive security controls to prevent or mitigate against cyber attacks that could jeopardise the system and hence the safety of the people involved.
