The Internet of Things (IoT) combines technologies that enable devices, objects, and infrastructure to interact with monitoring, analytics, and control systems over Internet-style networks. These IoT-enabled solutions hold vast promise, with the potential to revolutionize customer experience, enhance safety, improve health, and tear away inefficiency.
According to industry estimates, that in 2015, the world had 25 billion connected devices, close to 25 million smart home devices, and IoT software platforms were expected to“become the rage.” With the widespread adoption of IoT within the consumer sector, wearables, smart home appliances, lighting and other smart devices are becoming mainstream. The popularity of smart consumer devices is anticipated to continue to grow at a frenzied pace well into the future.
The adoption of IoT within the business and public sector has lagged behind the consumer market, however the 2015 Verizon IoT Report predicts that the number of Business-to-Business (B2B) IoT connections will has been increasing and will continue to increase increase 28 percent year-over-year between 2011 and 2020.
Industries such as manufacturing, energy, transportation and retail are already adopting IoT initiatives. In their 2015 Industrial Internet of Things Positioning Paper, Accenture predicts that by 2030 the “Industrial” IoT market will be worth US$7.1 trillion in the United States alone and will support enhancements in efficiency, safety, productivity and service provisioning.
However, the security implications of these devices, services and technologies and the data that lies within cannot be ignored. As the number of connected devices increase, the attack surface for adversaries is target-rich. A typical IoT system will rely on data and networks of variable provenance, devices may be expected to run on batteries for many years and new vulnerabilities are likely to be required to be patched in the field and at scale.
IoT security is a top concern for executives. Along with the technical challenges, IoT security is on the board room agenda, according to non-profit organization, IoT Security Foundation. With more than just reputations at stake, it is imperative that technology providers, system adopters and users work together to ensure security is fit-for-purpose.
Even the government is worried about IoT security. U.S. Federal Trade Commission chairwoman, Edith Ramirez, addressed the Consumer Electronics Show in Las Vegas earlier this year, warning that embedding sensors into everyday devices, services and technologies, and letting them record what we do, could pose a massive security risk.
Ramirez highlighted three key challenges for the future of IoT – including heightened security risks, ubiquitous data collection, and the potential for unexpected uses of consumer data. She further recommended that companies should enhance consumer privacy and security, by building consumer trust in IoT devices through the adoption of “security by design”; engaging in data minimization; and increasing transparency and providing consumers with notice and choice for unexpected data uses, while giving users a choice to opt -out of data collection.
In an attempt to bring together regulators, researchers and manufacturers to ensure that IoT is developed in a way that respects customer privacy and choice, the Secure Internet of Things Project was launched last year as a cross-disciplinary research effort between computer science and electrical engineering faculty at Stanford University, UC Berkeley, and the University of Michigan.
The project will analyzse how to integrate these enormous streams of physical world instrumentation with existing data; adopt pervasive sensing and analytics systems to preserve and protect user security; while and examineing what hardware and software systems will make developing new intelligent and secure Internet of Things applications as easy as a modern web application.
Enterprises are also doing their bit part to secure IoT. Microsoft instituted last week the Security Development Lifecycle (SDL) to provide a mandatory company-wide development process for security. Microsoft SDL is coupled with a host of infrastructure-level security services such as the Microsoft Operational Security Assurance process and the Cyber Defense Operations Center, which includes areas of excellence in the Microsoft Digital Crimes Unit, the Microsoft Security Response Center and the Microsoft Malware Protection Center.
Currently, the Microsoft Azure cloud, on which Azure IoT Suite is built, supports more than one billion customers in 127 countries.