When it comes to the Internet of Things, many companies still prefer to watch and wait – due to worries about data security. This, despite the fact that it has become increasingly easy to protect data from outside attacks, and that most attackers cannot use most raw data anyway, as they lack the means to interpret that data.
The economic potential of the Internet of Things is huge. According to the research consultants at Gartner Inc. it will generate almost billion dollars in economic value by 2020. By comparison, Gartner estimates the entire value to be generated by the IT and telecommunications sector in 2015 at 4 billion dollars. "The Internet of Things and Services is a strategically key market, which will grow fast and strengthen income and cost efficiency," maintains Gartner research director Peter Sondergaard. So what is holding some companies back from jumping onto a moving train? The answer: data security questions. Questions like: How to defend yourself against potential intruders who are intent on tapping into company data? Where is the data stored? And what happens when unauthorized parties attempt to access it?
Most security doubts are based on a false assumption – one that equates the Internet of Things with the conventional Internet. But whereas the conventional Internet connects freely accessible computers, tablets and smartphones with each other, the Internet of Things is actually closer to being a collection of closed networks. Since all of these are different, based on the individual devices and the specific requirements of each one, they all require different security solutions. "There won’t ever be a one-size-fits-all security solution for the Internet of Things," reports Bret Hartman, Chief Technology Officer at Cisco. He adds that is often unnecessary for companies to rack their brains over security matters, since their systems are not even cross-networked among each other or are else so simple as to be uninteresting to outside attackers.
It is also important to consider who any potential network attackers could be. The security experts at Watchguard (Hall 6, Stand F18) have the following take on this: "You need to question the individual motives and tactics of the respective attacker. This knowledge is essential for companies to be able narrow to down the special dangers to their business and implement targeted countermeasures."
Many questions involving data security in the Internet of Things are similar to the ones thrown up in the "Bring Your Own Device" debate: Companies need to be able to remotely delete data or deactivate devices that are lost or stolen, so as to prevent outside misuse.
Many users also operate according to the principle of "install and forget". Instead, they need to continually keep their firewalls and anti-virus software up to date. A patching strategy is of the essence.
But even in the case where data is lost or an attacker was successful in stealing data, most raw data cannot even be correctly interpreted by an outside party, says Steve Prentice from Gartner. The advantage networked objects create for users don’t actually come from the data itself, but from the interpretation of that data. This means it is more important to protect the data flows between the various interpretive levels.
"Create an inventory of all devices and a segmented network which is protected by a firewall and monitored by an intrusion prevention system," counsels Angela Orebaugh, security researcher at Booz Allen Hamilton, a technology consulting firm. Data which is easy to interpret, on the other hand, needs to be protected even in its "dormant" state.
In principle the main security challenges in the Internet of Things are old, familiar hurdles. This means that companies need to transfer their security strategies to the new system and then resolutely maintain that system. This will eliminate any need to refrain from tapping into the great potential offered by the Internet of Things.