Know Before You Buy: How to Find Secure IoT Devices

As the number of IoT devices skyrockets, we are seeing the amazing powers of connected networks. Businesses are able to transform as they approach operations with smart, informed decisions. In the industrial sectors, IT decision makers have visibility into the OT networks and are now able to execute logic locally at the edge devices and transport critical data globally – enabling intelligent command and control of the network. We are starting to see glimpses of a connected world we never knew possible just a few years ago. As adoption of IoT rapidly expands, the Achilles Heel of these devices continues to be security – at least in the minds of end-users and consumers.

A Recent report circulating around IoT news outlets states that 90 percent of consumers lack confidence in the security of IoT devices.  Yet more than half of these consumers own one or more IoT devices. The report, based on a survey conducted by Gemalto, revealed other concerning and somewhat astonishing statistics that have been reported in recent articles, including:

• 60 percent of respondents say their main fear is hackers taking control of their devices.
• 54 percent are concerned about personal information being accessed.
• 54 percent of the consumers surveyed said they own an IoT device but only 14 percent said they knew enough about how to protect it.
• Only 11 percent of manufacturers and service providers total IoT budget is spent on securing devices. Two thirds of organizations use encryption as their main means of security, with 62 percent encrypting data as soon as it hits the device and 59 percent as it leaves it.
• Only 50 percent of IoT companies have adopted a security-by-design approach.
• 92 percent of companies reported an increase in sales or product usage after devices have been made more secure, demonstrating a link between security and adoption
• 61 percent of businesses said regulation needs to be greater to specify who is responsible for security and data at each stage of its journey. 55 percent said safeguards are needed for ensuring non-compliance with security.
• 86 percent of businesses and 90 percent of consumers believe governments should handle regulation of the sector.

Smart Device Selection

Despite security concerns, adoption of IoT devices continues to rapidly expand. For industrial IoT (IIoT) networks, future business success is going to depend on connecting those edge networks in order optimize operations, drive production, reduce downtime, and create a safer work environment. When decision makers choose the IoT devices that will be deployed in their networks, it is critical to find products that meet the security and operating standards of the business. This can be determined through a careful evaluation of options.

Are you looking to purchase IoT devices for your IIoT network? Consider carefully reviewing and answering these questions before you make your decision:

• What are your requirements? Must haves versus Nice to haves?
• Are there any regulatory considerations?
• What is the M2M communications technology controlling or automating? Is it essential that it operates without failure?
• What data is being collected and/or transmitted with this technology? Is it time sensitive and/or mission critical?
• What technology solutions have a proven track record for the applications being served?
• What external factors might impact the reliable transmission and receipt of critical data from one point to another?
• How does this M2M communications technology address challenges such as data encryption, network access control and signal interference?
• Can the vendor describe the security mechanisms? Can you understand them?
• Will this be secure even if everyone knows the security measures? (The right answer is yes, otherwise keep looking)
• Do we need this technology solution to be fail-safe, in order to prevent or eliminate catastrophic damage from occurring?
• What are the threat vectors I’m most concerned about?
• Is cyber security or physical security a greater concern for this deployment?
• What vulnerabilities have the Information Security community identified in the type or category of IIoT equipment I use?
• What is the right tradeoff between features, ease of use and security for my installation?
• Do I have a testing or evaluation plan in place?
• What ongoing improvements do I expect?

While device security is going to be a lingering concern – especially as the lines between the IT and OT networks blur – companies have the power to prioritize security in their networks and make informed decisions when it comes to selecting their devices. Until there are more government guidelines in place, it is up to the IIoT decision maker to find these options in their quest for connectivity.