In-brief: there’s a growing consensus that the Internet of Things will spell trouble for the information security industry. A vast population of connected devices, endemic problems with software quality and sophisticated adversaries will combine to make the juice of the Internet of Things not worth the security “squeeze.”
I note a couple of pieces in recent days that reflect what I would consider a growing consensus among information security cognoscenti: that the Internet of Things is poised to disrupt the IT security space – big time.
The first of these comes from Paul Kocher, the head of cryptography research at the firm Rambus, who said that he expects a “rocky road” for the information security sector for the next decades, as the full impact of the Internet of Things disrupts the status quo in the industry: unseating longtime incumbents and potentially drawing in competitors from distant parts of the technology industry.
Kocher is the founder of Cryptography Research, and one of the smartest guys in the security industry. EETimes wrote about Kocher’s speech at the recent DesignCon in Santa Clara, California, in which he opined about the likely shakeout in the information security sector as the impact of the Internet of Things is felt.
From the EETimes report:
“‘We’ll have a rocky road ahead for the next decade’ given the combination of the emerging Internet of Things with ‘offensive cyber programs just about every country has,’ he said.
At some point, adding a new feature to a product could reduce its value because it creates more complexity and less security. As an extreme example, he noted that after the Edward Snowden leaks, the Russian guard and the India High Commission both switched from using PCs to typewriters.
‘We have to have stronger foundations for security and correct assumptions about software quality,’ Kocher said, noting engineers must assume all products — software or hardware — will have bugs. ‘The ability of the tech industry to change the world depends on solving these problems.’”
That said, Kocher is ultimately bullish on the ability of the technology community to address security problems – including those on the Internet of Things. Better and more pervasive use of encryption and a greater reliance on hardware-based protections will eventually tip the scales against attackers, he suggested.
The other article worth noting is from ZDNet, which picked up on an interesting research paper from Forrester on security and the Internet of Things. While that firm was upbeat about the broad implications of the Internet of Things on the business environment, Forrester was “wary of security and the integration issues that will arise from the lack of standards.”
From the ZDNet article:
“Most hardware and networking IoT technologies have hit the Growth phase or even the Equilibrium phase. IoT software is in the Survival phase. But standards are nascent, as vendors are only a couple of years into the process of creating general-purpose interoperability standards. And IoT security technologies are still in the Creation phase, with no established products,” the report said.
Forrester’s report was based on 27 vendor companies.
The lack of clarity on information security and privacy may end up holding back enterprise adoption of IoT technologies for years, until the private and public sectors can get comfortable that embracing Internet of Things technologies won’t come back to bite in the form of a data breach or hack. Read more over at ZDNet: “Internet of things security years away from being fully baked, says Forrester.”