Story image

IoT: Productivity boost or Pandora’s Box of security issues?

24 Jan 2019

Article by HCL Technologies engineering and research and development services president GH Rao

The Internet of Things promises to deliver significant productivity improvements across a range of industries in Australia – provided enterprises can rise to the challenge of protecting the extraordinarily decentralised ICT infrastructure the model demands.

The term IoT refers to an array of digital or computing devices, such as microchips, transponders and in-built sensors, which transfer data via a network or the internet.

Organisations have begun using the technology to track assets, improve efficiency, boost customer service and gain greater insight into their operations.

Australasian consultancy IoT Stream lists a gamut of local use cases: the refrigeration supplier that monitors temperatures remotely to ensure its equipment complies with health and safety regulations; the resources company which is improving its asset management process by using sensors to record remote engine hours for its fleet of heavy vehicles; and the adventure tourism business that’s deployed an IoT solution to keep track of its kayaks when they’re on the water.

A 2018 report produced for the Australian Computer Society by management consultancy PwC identified construction, mining, healthcare, agriculture and manufacturing as the local industries which had most to gain from broad take-up of IoT technology.

Australia may be able to “leapfrog the productivity gap through the intelligent use of the IoT” and for some sectors it may represent the opportunity to “undergo radical transformation and make a fresh start”, the report notes.

Embracing the IoT could add hundreds of millions to GDP, boost productivity and make exports more competitive, as well as putting individual businesses which deploy the technology on stronger footing.

Smart – but is it safe?

The benefits of IoT adoption are compelling – but only if enterprises are able to ensure the security of the infrastructure they deploy and the integrity of the data it transmits.

The challenges differ significantly from those which arise from more conventional technology infrastructures and understanding and planning for them is key to the success of every IoT project roll-out.

Traditional security strategies don’t work when organisations are managing dozens, hundreds or tens of thousands of small devices dispersed across a large area.

IoT breaches have the potential to result in more than just data compromise. In some instances, a security incident may have implications for human safety.

Key challenges

IoT security is a challenge which continues to compound, as more devices are added to networks, at home and abroad.

Gartner estimates around 26 billion devices will be connected by 2020; creating an attack surface of considerable complexity and almost infinite scope.

Before embarking on an IoT roll-out, organisations should consider the following security risks and determine whether they can be addressed or mitigated adequately.

Security of devices

Networks are only as secure as their endpoints and because of the way they operate, IoT devices can be more vulnerable than traditional computing devices.

They come with a unique set of security challenges:

  • IoT devices can’t be ringfenced in the same way as traditional devices because they’re connected continuously but may only transmit data periodically
  • Devices typically have limited computational and data storage capacity, which makes them unsuitable candidates for the installation of security tools
  • A high volume of connected devices, coupled with irregular communication patterns, can overwhelm many security systems. Data patterns which might indicate a compromise or attack in a conventional IT setting can represent Business As Usual in an IoT setting.

It’s vital for enterprises to ensure each IoT device they deploy does only what it is intended to do and has no scope to be infiltrated or reprogrammed by hackers or cyber-criminals. Large sections of code may need to be protected through encryption or access control.  While it’s essential for speed and efficiency, Over the Air (OTA) update capabilities for software and firmware updates can compromise the security of an IoT system.

Security of communications

Securing network protocols can be a significant challenge, given IoT communications can occur over a combination of public, private, industrial and IT networks.

Many IoT devices have a paucity of computing power, which means the burden of providing data and network-based encryption typically falls to gateways.

In addition to supporting multiple types of connections and device architectures, these must be robust enough to secure vast amounts of structured and unstructured data.

Security of the cloud or data centre

Data from IoT installations typically feeds into applications and the cloud.

Application interfaces are likely to feature open-source libraries and technologies; making them vulnerable to infiltration.

In addition, all types of IoT devices and users connect to the cloud remotely and protecting each and every one of these connections is vital to the security of the whole.

Tech Data to distribute Nutanix backup solution in A/NZ
Tech Data will distribute HYCU Data Protection for Nutanix backup and recovery software to their network of partners across Australia and New Zealand.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
WatchGuard announces A/NZ partners awards
Four Australian companies were named partner award winners at the WatchGuard conference in Vietnam.
Telstra’s 2019 cybersecurity report
Cybersecurity remains a top business priority as the estimated number of undetected security breaches grows.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.