Internet of Things (IoT) technology offers businesses countless possibilities to learn about how customers use their products, trace a product from raw material to the end user, automate operations, enhance safety, lower costs, and more. Businesses in a wide range of vertical markets including healthcare, manufacturing, and retail are exploring ways to leverage IoT solutions, but they won’t do so at the risk of data and network security.
Vern Kasdorf, CIO of Loop Insights, Inc., says the biggest challenge end users face is that they don’t know what level of security has been enabled by the device manufacturer. “With the rush of new IoT devices entering the market, some manufacturers are taking shortcuts to get their products to market more quickly,” Kasdorf comments.
“Security frameworks exist, but there is no accepted IoT security standard,” he explains that reputable manufacturers are considering end-to-end security when designing their products. It could be something as simple as ensuring their devices have the processing power capable of running strong security measures. He says as more IoT devices make use of cellular networking technology, including LTE Cat-M1 and NB-IoT low power networks designed for IoT, device manufacturers will increasingly be able to rely on the well-designed security protocols of carrier networks.
4 Challenges to Secure IoT Implementation
Security measures that are a part of an IoT system’s design, however, are only one factor in keeping network and data safe. Kasdorf says some of the most significant security risks are related to how IoT devices are deployed, for example:
- End users or IT solution providers don’t change admin passwords. The Cybersecurity and Infrastructure Security Agency (CISA) advises using strong, unique passwords. Default passwords can simplify setup, but hackers can easily find them online, so they don’t provide any protection.
- Cloud services or corporate networks don’t properly authenticate the IoT device. End users must limit the exchange of data to only devices or users with the correct permissions.
- The end user’s IT staff doesn’t complete patches or updates in a timely manner.
Kasdorf comments that remote management and configuration can ensure that all devices are running the most recent, secure software/firmware version.
- Devices are connected that were never meant to be. Kasdorf says some users connect legacy devices to the internet with retrofitted IoT devices. He points out that these legacy devices were never intended to be internet-connected and may lack some basic security capabilities.
IoT deployments that aren’t secure can put the end user’s business at risk for cyberattack, data breach, regulatory fines and penalties, and a loss of business-partner or consumer trust.
How ISVs Can Help
According to Kasdorf, one of the most significant contributions ISVs can make to IoT security is to forge partnerships. “Security is an end-to-end consideration. End users can’t rely on only hardware manufacturers or ISVs to do their parts independently,” he says. “There must be a strong partnership between the software and hardware creators to ensure security is well designed and implemented.
He adds that ISVs can contribute to the security ecosystem for IoT devices by:
- Focusing on developing software with “security by design”
- Ensuring all IoT devices are thoroughly tested for security vulnerabilities
- Creating a certification program for hardware devices to ensure a high level of security
- Helping customers understand that they’re also responsible for securing their IoT environments by ensuring software/firmware updates and enforcing strong password policies
Research shows that security concerns are barriers to IoT adoption. A Bain & Company survey reveals that enterprises would invest in 70 percent more IoT devices if their security concerns were addressed, and 93 percent would pay an average of 22 percent more for IoT devices with better security.
Does your ISV business have the answers enterprises are looking for that will enable them to have the benefits of IoT with reduced cybersecurity risk?
About Loop Insights
Loop Insights is a location-based marketing intelligence platform that provides brands, agencies, and retailers with real-time actionable insights to optimize customer experiences. Loop Insights works directly with brands, agencies, and data partners to arm advertisers and marketers with real-time, actionable insights that build personalized customer experiences and loyalty. They also help retailers and enterprises discover, analyze and influence their customers within minutes of installing Loop Insights’ plug-and-play system. That system creates highly personalized marketing offers designed to increase basket size and repeat business without retailers having to do anything differently.