Break It, Fix It – The case for purpose-built IoT security

Spoiler alert: IoT security can’t be an add-on.

We are at a key inflection point with the new Internet of Things – specifically when and how IoT security is developed and deployed. The cause of this inflection is the vastly different composition, design and intention of today’s secured IoT devices when compared to past devices.

I’m talking about the original generation of IoT, things like desktop computers, laptops, notepads and smartphones.

For each of these, security is an add-on – it’s installed onto a device or performed at the network level. These computing devices are all designed and built with an available operating environment, memory and processing power, because the manufacturer doesn’t know exactly how you intend to use the device. Users have nearly unlimited choices of what they want to install and use, including the installation of security – anything from anti-virus or intrusion prevention, to web filtering and password storage.

When compared to these past devices, the new IoT is nearly the opposite.

Today’s IoT manufacturers know precisely how each device will be used. There’s neither a full operating environment on the device, nor any dedicated or extra processing power. There is zero extra memory or workspace to use, let alone room to install anything. In fact, it’s likely there isn’t even a user interface available on the device. Ideally all traffic to and from the Thing will be fully encrypted end-to-end (from device to cloud) – trying to apply or enforce a security policy with a network gateway would be impossible.

The only way to properly secure the IoT is with a new purpose-built solution, designed from the beginning to be embedded in the device. Whether at the chip level or as part of the software stack on the device, developers need to break the habit of relying on legacy technology used for securing past devices, and look to more complete solutions specifically designed to protect today’s IoT data.

Thanks for reading,
Grant

 

Grant Asplund is the Vice President of Sales and Business Development at CENTRI. To learn more, join Grant’s next live webinar on April 5th, where he and James Stennett, CENTRI’s Director of Product Development, will discuss “purpose-built” IoT security solutions, and the challenges of developing a complete package from scratch. Register Today!