There’s an interesting roundup piece on Internet of Things security by Nermin Hajdarbegovic over at the technical jobs site Toptal.
Hajdarbegovic provides a summary of some of the recent IoT reports – by Kaspersky Lab (the “Internet of Crappy Things” report, FTC Chairwoman Edith Ramirez and Wind River. (We covered the FTC and Wind River reports here and here.)
It’s worth a read. Hajdarbegovic is mostly optimistic about the future of the Internet of Things and the ability of the “market” to address the security and privacy issues that currently exists.
From his blog post:
“As the IoT market grows, we will see more investment, and as hardware matures, we will get improved security. Chipmakers like Intel and ARM will be keen to offer better security with each new generation, since security could be a market differentiator, allowing them to grab more design wins and gain a bigger share.
“Technology always advances, so why not? New manufacturing processes generally result in faster and more efficient processors, and sooner or later, the gap will close, thus providing developers with enough processing power to implement better security features.”
That’s a pretty rosy view – one that Hajdarbegovic himself admits it may be too optimistic.
While we certainly will see both hardware and software advancements and while those may enable security features, its doubtful that security will become a priority for firms making IoT products in the absence of changes – policy or market based – that change the cost/benefit ratio for security features. Today, there are no widely recognized standards that IoT firms can design to, no clear legislation – international or otherwise – that help them navigate tricky issues such as privacy and data security. Nor are their universally accepted brokers for critical components like identity. Finally, there are few incentives promoting security features and lots of disincentives: from a lack of demand to added cost of development and reduced ease of use.
In a competitive- and fast evolving market, you can’t blame resource constrained firms from putting security on the back burner or deciding to wait for a deus ex machina (like an embarrassing security lapse) to force their hand.
Read more in Internet of things security concerns | Toptal.