I’m seeing a lot of pre-conference promotion of content from the big Internet of Things Expo out in Santa Clara in early November. One interesting presentation that is worth checking out (the slides are already online) is James Kobielus’s talk on how IT professionals should address the security challenges of IoT.
Kobielus is IBM’s program director for Big Data analytics product marketing. In his presentation, he tackles the question of whether the Internet of Things is (to use his words) “too big, diverse, pervasive, and dynamic to secure comprehensively?”
After all, history will show that we’ve done – at best – a so-so job of securing the Internet of machines. How will adding a few zeros to the number of connected endpoints make things better?
IoT will undermine even the tenuous walls we’ve built around our existing IT infrastructure: moving us to a boundary-less environment where millions of devices carry out billions of transactions.
Kobielus is clearly a skeptic on IoT security. But he also provides some good ideas on where to start on that (long) journey. (A PDF of his presentation slides can be viewed here.) Among them:
- standard IoT interfaces that incorporate robust security
- use of open security standards in IoT products
- modular, security aware hardware and software designs
- auditing and pen testing of IoT products (presumably prior to release)
- bulk provisioning of IoT devices, including security, configuration and software updates/patching
Big Data may be a key piece in that puzzle, Kobielus says: providing both a repository of things (identities, profiles, configurations) and metadata (device history, etc.). It could also be the basis for a kind of IoT governance, in which third-party suppliers of IoT components and services are held to task.
Read more via this article: Big Data’s Potential in Helping to Secure the Internet of Things in the Internet of Things Journal.