The proposition of the Internet of Things (IoT) is one of staggering depth, capable of beggaring even the most active imaginations. And why not? This concept allows objects to readily interconnect with central hubs for all-in-one operation, reporting, and a host of other potential functions. But with all these different points for connection comes a lot of potential failure points as far as security goes, and that's got some looking at the idea of security on the IoT a lot harder than normal. Three simple—if not necessarily easy—steps, however, should go a long way toward keeping the IoT a safe and useful prospect.
With the growth of information about hacking of late, from major corporations' records being compromised to components of the IoT—everything from cars to toilets—getting hacked, it's easy to see why concern is growing about protecting the IoT. Some have even suggested that a better name for it might be IoTTCBH, or Internet of Things That Can Be Hacked. While this might be a bit alarmist, it's worth taking the lesson; security for this new technology must be as important as regular Internet security is. So how to go about providing that security? It could be as simple as a three-stage process.
One, realize that the users of the IoT are imperfect. Mighty passwords will be concocted and forgotten because said passwords were too complex to be easily remembered. Simple passwords will be brought in as easily remembered, but likewise easily hacked. Sometimes, default passwords will be left in operation, a development that could be disastrous. But sometimes something as simple as reminder messages—or even compelled instructions—can be enough to nudge a user correctly.
Two, start from the beginning, and follow through to the end. Consider how the things in the IoT will gather data, and relay it back to central hubs. The more angles that a company can consider, the more potential breaches said company will be able to spot and, from there, potentially defend against. Everything that can be spotted in advance is one less potential access point, and while not everything can be secured all the time, the fewer chances to break in, the better.
Three, audit the overall infrastructure to make sure that it's doing the job it needs to be doing, and to find potential issues while same are occurring. The need to understand how the various parts of the system work together is of extreme importance, and having a good handle on what's normal—or within a normal range, anyway—can be a huge help in terms of spotting what's abnormal, and responding to it quickly before it becomes something serious.
It's essentially a combination of forbearance, consideration and vigilance. Those who realize that human error is a part of life, those who consider the system from the ground up, and those who understand what's normal in the system's operations are the ones who are most likely to find problems before said problems become serious.
Planning ahead may be the best lesson anyone can take out of the IoT, and those who do plan ahead are likely to achieve the best results from such an operation. There's plenty of value in the IoT, but protecting it is the first step to realizing that value, so the steps listed previously should be most of what's needed to ensure the IoT is a value-generator, not a free bridge for hackers.
Edited by Maurice Nagle