Why DIY is DOA for IoT Security

For years, we in the computing industry have always had a safety net when it comes to securing our devices. In the past, no matter what type of device we acquired, we always could ‘add’ security applications and utilities AFTER we acquired it. We could add anti-virus or intrusion detection/prevention or web filtering and parental controls. The number of products and solutions is too long to list but suffice to say, because the criticality of security is so high, there are many, many comprehensive ‘commercial’ solutions available.

Securing IoT (Internet of Things) is unlike any other computing device or platform we’ve secured over the last three decades. As explained above, like icing on a cake, nearly all previous security solutions have been ‘layered’ on top of the device. This approach and method to secure IoT simply is not possible. For IoT, security needs to be in the cake batter… before the cake is baked. This requires security to be designed into the device. And, there are multiple aspects of security needing to be addressed including but not limited to, authentication, identity, data security and protection. Additionally, there must be consideration for post-deployment security. On-going device management including updates must also be part of the design.

Additionally, because of the critical importance of IoT in today’s IT infrastructure, the need for commercial solutions to secure, manage and maintaining IoT has exploded. Companies are now passing the threshold of tolerance for using open source or DIY solutions. This is an evolution and maturity of solutions we have seen in other areas of IT… for example, few companies today use B.I.N.D. to manage their DNS or use IP Tables for managing and enforcing sophisticated firewall security policies for their enterprise – most organizations seek out commercial solutions for these critical uses. Today, companies need a complete solution to secure IoT including management (GUI), reporting and analytics. Organizations need solutions to be flexible and able to support virtually any deployment model. And, they need IoT security to be simple, nimble and purpose-built… and designed to be ‘in the cake batter’ and not layered on.

Don’t Miss This:
I hope to see you in Toronto at the Connected Plus event next month, June 20-21st at the Toronto Metro Convention Center! Be sure to catch my keynote of the same title and topic, “Why DIY is DOA for IoT Security” on Tuesday, June 20th at 1:30 pm EST. CENTRI will also be in booth #717 for conversations and demos on IoT security.

Thanks for reading,
Grant

 

Grant Asplund is the Vice President of Sales and Business Development at CENTRI . Grant has over 30 years of experience in sales, marketing, business development and management in enterprise software. He enjoys sharing his thoughts on IoT security online and presenting at industry events. Connect with Grant on LinkedIn.