From its beginnings, the IoT space has been touted as technology’s next big growth area. Exact numbers vary from one research company to the next but there is no doubt that we are still just at the start of this huge IoT evolution. As IoT moves towards its adolescence, new challenges are starting to emerge. Trina Watt, CMO at Foundries.io, explains these new IoT challenges.
Hacking and ransomware attacks on large organisations, healthcare institutions and individuals are now a daily occurrence and part of the move to more remote lifestyles. Prioritising security is now more important than it ever was and for many organisations it is a case of ‘when’ not ‘if’ they will be hacked.
The need for increased security is now driving cultural changes in organisations as well as for individuals:
- IoT devices are high up the list as potential security vulnerability points for hackers. Security is now vital, not an option.
- From a commercial/industrial perspective it is about keeping data safe, enabling control over their locations and making sure optimal productivity is achieved without compromising security.
- For domestic settings it is about keeping your data and videos secure. You need to have control over who can access and see your data.
The top of IoT device requirements
If there is one thing that 2020 has taught us, it’s how quickly things can change, often completely out of our control or influence. One word that is mentioned more often is ‘remote’ – remote working, remote socialising, remote healthcare, remote monitoring. So what does this shift to more remote activities mean to the design of the next generation of IoT products? Security is central to enabling these remote activities to be viable – not only at the start of a device’s lifespan on install but throughout its entire working life.
Secure for longer
As IoT devices become more instrumental in our lives, the ability for devices to last longer becomes more important, and along with this the cost effectiveness of maintenance is paramount. Legislation is starting to emerge making it imperative that IoT devices of the future must come with information at the point of purchase, assuring consumers of how long a device will be updated and kept secure for.
Both the US and UK governments have announced in recent weeks a commitment to legislation around cyber security and IoT device security over their active lifetimes.
So what challenges do these trends create?
No matter the end device or use case there are some common challenges that affect all IoT devices:
Enabling and maintaining secure devices throughout their active lifetime: Security now needs to be built into devices from the start. It is no longer acceptable for a device to be secure when it ships with no future-proof assurances. Instead, it needs to have a process of being securely updated throughout its installed lifetime. It can no longer be an afterthought or an optional extra.
Security also needs to be considered end-to-end, taking into account any gaps in the security processes that may offer up vulnerabilities.
Cost effective development, deployment and maintenance to increase time to market: The COVID-19 pandemic has accelerated a wide range of aspects of life including a decrease in shops and retail with increased online purchasing, and a move away from coins and notes to electronic payments. We’re also now seeing increased adoption of electric cars. All of these changes are accelerating, and thereby shortening the time to market for new products. So development cycles are being shortened and as larger fleets of devices are going live, more focus is falling onto how devices are securely deployed and maintained.
Companies need to focus on how they innovate and differentiate themselves in these accelerated markets and this requires more emphasis by engineering teams on the value-add aspects. This is putting more demand on key resources, including knowledgeable and highly experienced security experts.
Long term secure maintenance: For devices that are installed in smart cities for example, the expectation is they will last for over 20 years before they need to be replaced. Historically, smart devices have initially grown out of the consumer space and have not had these demands. This hybrid between the needs of small, cost effective solutions that have the lifespan of their more robust industrial counterparts has pushed long-term maintenance to the front of OEMs’ minds. Having the ability to offer an extended lifespan will become increasingly critical.
Extended lifespans have been expected in the industrial space for many decades now. Factory automation solutions often need over 20 years of support as standard. Secure Over-the-Air (OTA) updates are a key feature to enable a cost effective, predictable maintenance approach. So no matter where the device is installed it can be updated securely when it needs to be updated. By building this in from the start of a device’s development, all the pieces are in place to manage and maintain devices remotely as instances and issues perpetually arise.
As IoT moves to the next stage in its evolution, there must be a shift change in the security of all industrial and consumer devices. Security can no longer be an add-on but instead needs to be built into the core of IoT devices, and with all devices continuously monitored, maintained and updated for life using the latest software.
