Who is responsible for IOT security?
With the number of connected devices increasing exponentially, keeping the massive amount of data created by these devices secure is a major concern. And the lack of industry standards for companies to follow is not helping.
"Keeping data safe can be a confusing process," says Zachary Crockett, founder and CTO, Particle, an Internet of things (IOT) developer platform.
Ultimately, he says it's the responsibility of the entity that owns the data to ensure its security, particularly when it comes to consumer devices.
"For enterprises, responsibility must be shared reasonably between the manufacturer and the enterprise that manages devices on-premises. Privacy and security practices should always be researched during due diligence when selecting vendors, especially in IOT."
It is possible to create IOT devices that are secure at every layer of the stack, Crockett says, and some manufacturers of these devices do take security seriously. "Industry-standard encryption for data transmission across untrusted networks is a must."
However, few companies have the ability and diverse capabilities required to make IOT products truly secure, he says.
Electrical engineering, mechanical engineering, firmware design, network security, database administration, cellular connectivity, message queuing, system monitoring, disaster recovery, mobile, front-end and back-end development, cloud, data science and machine learning are some of the necessary skills, he notes.
"And security flaws can appear in any of these areas."
The best way to ensure IOT devices are secure is to find IOT platform partners that understand this diversity and have the necessary security expertise.
"Work closely with fewer partners with deep, cross-functional expertise. IOT initiatives that reinvent and outsource too many of these individual pieces without the deep integration needed across layers of the stack will inevitably fail.
"As the IOT continues to grow, even though some products are cheap and insecure, I am optimistic about the future of security in IOT," he says.
Any manufacturer creating devices targeting enterprise customers in 2019 cannot help but be aware of market fears, uncertainty, and doubt about privacy and security. Additionally, there are more and more toolkits and platforms for IOT that are secure by default. New entrants will increasingly make use of these platforms at the heart of their solutions, he concludes.