Breathe Easier: Secure IoT May be Simpler Than First Thought
November 24, 2015
By
Steve Anderson, Contributing Writer
The Internet of Things (IoT) has some great promise attached to it. A system that will run like the Internet itself does, but using everyday appliances as nodes operating almost like websites means that many things previously unavailable to users suddenly will be. All those connection points, however, leave many worried about issues of security. A new report from Flexera Software's Software Monetization blog details how IoT security may be closer to hand than expected.
With a host of new IoT devices coming out—from the Nest Thermostat to a host of devices that allow for remote monitoring of household or business systems—it's easy to see where the concern lies. That many devices on hand mean a lot of potential points for hackers and other bad actors to break into the network. It could be easily forgiven for thinking that a Nest Thermostat may not boast the same grade of security as a desktop PC, but some components of the IoT actually come with onboard security.
There are actually several layers of security a part of the IoT can enjoy, and three of these levels are connected to individual devices. Device level security, for example, uses things like secure booting, which allows only trusted software to run at the startup process. A second layer comes in at the operating system, where known vulnerabilities like simple passwords and buffer overflows are eliminated to the greatest extent possible. Operating system level security also allows for things like containers to serve as sandboxes for incoming files, and the ability to make secure accounts with specific privileges in the system. The application layer uses secure coding principles, and the network layer—the part that connects the IoT devices—is the last part.
It's this combination of secure forces that can make the IoT particularly strong against break-in attempts. Like a house with multiple door locks, one lock might be broken quickly, but a lock followed by a deadbolt is much tougher. Throw in a security system and vigilant neighbors and the chances of a break-in fall through the floor. IoT devices turning to multiple layers of security should be encouraging for those who want to bring in such devices to everyday operations. When there's four layers of security involved in the overall system, the idea that any one could be breached is reasonable. All four at once being breached, meanwhile, is a much more complex process, and one that leaves users much safer in the process.
Securing the IoT is vital to its eventual wide use. Most like the thought of a refrigerator that can order milk or a thermostat that can be changed from a different state, but such tools must be properly secured to ensure only the right people can use such.
Edited by Maurice Nagle