The Internet of Things poses new security risks, making it important to consider IoT in your application design, app testing, and vendor assessment.
Household appliances, cars, electronics, security systems, and even medical devices are all becoming smarter. They’ve merged into a Wi-Fi-enabled, cloud-connected network now known as the Internet of Things (IoT). And it’s getting bigger, growing from 7 billion devices in 2009 to more than 50 billion in the year 2020, according to a report by the Federal Trade Commission.
While IoT opens the door to new business models and opportunities for innovation, it also poses new security risks for product developers and their customers. In fact, a 2014 study by Hewlett-Packard warned that approximately 70% of all smart gadgets are vulnerable to cyber attacks. Why is that?
- Data-rich targets attract hackers. In IoT, customer purchases happen in the blink of an eye, which means financial data and information on customer preferences are changing hands faster than ever before. This presents a tempting target for criminals who look for applications with security vulnerabilities.
- Old code isn’t up to new tasks. Devices are being asked to perform functions and connect to each other in ways that were never intended when their original code was created. Think of a DVD player built in 2004. Now users are connecting it to a brand-new smart TV, storing and passing data over the internet. Inside the device sits code that could be many years old and was certainly never tested for that scenario.
- Third-party software is often untested. Inside smart applications may be code that comes from external development shops or code libraries. It might not be properly tested or subjected to the same scrutiny you demand from your own internally developed applications.
Get smart about IoT security
- Consider IoT in your application design. Assume that devices are now hyperconnected. As your architecture becomes more distributed and complex, make sure you implement security controls that prevent hackers from finding a way inside the network.
- Test your applications with IoT in mind. Consider new ways that hackers may target rich data, and test your applications using both automated and manual testing strategies. Don’t ignore your older applications; remember they may be used in new and unexpected ways.
- Assess your vendors. Perform a vendor assessment to make sure everyone involved in your software supply chain is checking for bugs and flaws that could be exploited.
- Train everyone involved in the SDLC. Use security training to raise the skills of everyone involved in the full software development life cycle, including software designers, developers, testing staff, and IT operations.
The Internet of Things has great potential for application providers, but creating smart devices is not without risk. Taking a proactive approach to security will help you and your customers find success in an increasingly interconnected world.