Securing the Future of IoT

Securing the Future of IoT

It’s incumbent on IoT device manufacturers to build with a “security by design” mindset. And that means a future-proofing flexible approach, not one that’s hardware-centric.

Whether you know it or not, we’re surrounded by the Internet of Things (IoT). Casually as we go about our daily lives, we navigate through an invisible IoT network, surrounded by device to device communications as different devices and objects trade commands and exchange our data with one another. This is the era of smart devices. Smart homes where everything can be controlled by the touch of a button, connected cars that can detect potential hazardous road conditions and communicate with each other, and the ever-growing marvel of robotics that’s automating once-static devices.

In the case of smart homes, all of this connectivity makes our lives easier and ultimately more efficient. Our homes can become aware to our personal preferences, gas and electric bills can be reduced due to increase efficiency, and the precious environment is all-the-more-greener as a result.

But this explosion of connectivity is also unmatched in its risk. Smart doesn’t inherently mean secure, and with the millions of devices privileged to our personal information and data, the prospect of hackers infiltrating the intricate web of connectivity in our homes presents a serious threat to security and the well-being of our households and families.

This is why IoT device manufacturers must build with a “security by design” mindset, which begins by selecting a robust operating system that’s both secure and ready for future market demands. Devices need to not only protect home networks—they need to future-proof them. As malicious actors are constantly evolving their activities, businesses must be flexible and proactive in their approach to security, shedding the old hardware-centric view of IoT security. In addition, businesses risk missing out unless they differentiate on software-defined features. Software maintenance must also increase to align with a hardware device’s lifespan in order to stay relevant in the world of IoT and usable to the end user.

Apps for IoT

The Internet of Things is the gateway to the future. But like any gateway, unless somebody or something is standing guard, then anyone can walk in and tamper with your belongings. Thus, manufacturers are looking for ways to clamp down on that potential breach and secure their hardware.

For example, Fingbox, an IoT home-networking security and troubleshooting device developed by Fing, employs Canonical’s Ubuntu Core Linux-based operating system to help it secure and protect tens of thousands of homes. Ubuntu Core not only increases and enhances Fingbox’s hardware security, but also provides the necessary future-proofing by providing all of its software components in a secure and modular packaging format called Snaps.

Snaps are containerized software packages managed through Snapcraft, a platform that developers can use to build and publish Snap-based applications. Snaps enables developers to push software updates that install automatically and roll back in the event of failure.

The likelihood of an improper update breaking a device or degrading the end-user experience as a result is greatly reduced. If a security vulnerability is discovered in the code used by an application, the application publisher is notified so the Snap can be rebuilt quickly with the supplied fix and pushed out in a controlled and managed fashion.

In the case of smart-home devices, rolling out a security patch seamlessly without disrupting home life is a great advantage. Because external threats are ever-changing, and their degree and methods of attack vary, the modern home-security network demands an agile and reliable solution that can be managed by the home user.

Snaps are just one example in an emerging IoT trend that’s shifting from the traditional attitude toward embedded devices as being hardware-centric and a single, fixed function purpose. In the past, once a device was deployed to the field—for example, to help monitor performance and boost efficiency on a factory floor—there were minimal mechanisms to quickly deploy any feature updates or address any newly discovered security vulnerabilities. Hardware can no longer be static and vulnerable in the smart era of IoT, and device manufacturers are starting to realize the need for multifunctional, software-defined capabilities.

Ready for the Future

There is now a keen focus on updating and extending the functionality of IoT devices, similar to what we’ve all become accustomed to with the modern-day world of mobile devices and the smartphone. In this approach, companies can create and publish new applications and services via their own branded IoT app stores and extend device lifecycles as well as increase customer retention and revenues.

The app store approach also encourages the creation of license models and revenue streams based on specific feature enablement and user behavior. For example, Tesla can remotely configure their cars to enable self-driving capabilities in different models. Likewise, IoT devices can allow for mass customization of devices based on specific customer needs, licensing, and market demands for a device manufacturer’s brand-specific offering.

Devices equipped with the ability to properly support revisions and updates of applications typically have lower support costs, too. The fact that applications can automatically update to new operating-system or application versions means businesses can be assured that all of their users are on the latest and supported version. Rollback features can also give hardware components such as webcams, security cameras, and other connected devices an added layer of security, in case the hardware is ever compromised through improper software distribution. The previous high-profile exposures of security attacks such as Meltdown and Spectre show that, unfortunately, there’s no magic bullet to security.

The damage and disruption that could be wrought by an attack of this nature to our increasingly connected homes would be substantial. As people rely ever more on connected-home devices, the downtime of our appliances, like heating, water, or refrigeration, needs to be minimal. Therefore, an attack response must be able to keep systems operational as they move through a stream of software updates to protect against any unwelcomed threats.

It’s no longer the case that you can write software once and expect it to be secure and bug-free forever. Software will fail. The key is how quickly and comprehensively a business can respond to that failure—it’s a true business differentiator.

Secure the Device Now, Secure Your Business for the Future

Despite hardware security being crucial to home network security, companies still aren’t paying sufficient attention to securing their defenses. Instead, device manufacturers place the responsibility on the end-user to monitor the security and safety of their home networks. This isn’t sustainable in the smart era of IoT.

With the arrival of the IoT application approach, the security burden can be taken off the end-user and homeowners as well as businesses. They can now trust a single piece of hardware as it silently stands guard, updating and remediating any security issues that might arise.

Modern IoT devices demand heightened security. As the world becomes more dependent on smart devices to operate critical pieces of infrastructure, whether that be in your home, your car, or on the factory floor, device manufactures need to provide hardware not just for the issues of the day, but also for the issues of tomorrow. Future-proofing devices will become the standard for IoT security. It will also lead to the creation of new business models and additional revenue streams thanks to the extended lifecycle of devices.

If businesses can future-proof their devices, then they will future-proof their business for years to come.

Tom Canning, is VP of IoT Devices at Canonical, the company behind Ubuntu, and Carlo Medas is Co-Founder of Fing.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish