Despite all the enthusiasm there seems to be for the Internet of Things (IoT) these days, security issues may soon prove to be the undoing of many IoT applications. In fact, a new study reports that not only are consumers concerned about IoT security issues, but a full 90 percent of developers don’t think these applications have the appropriate level of security in place.
For that reason, IT service providers would be well advised to take both a short and long view of IoT opportunities. There are plenty of scenarios where IoT projects on a limited scale can add significant value, but the bigger the IoT project becomes, the greater the attack surface that needs to be defended. Given how poorly well most organizations are doing in terms of securing their existing IT environments, much care needs to be applied to securely manage IoT environments at scale.
The survey, which was conducted by Auth0, a provider of authentication and authorization tools and services, also finds that 85 percent of the developers surveyed said that in the past six months they'd felt rushed to get an application to market because of demand or market pressures. Naturally, when developers are rushed, security often gets the short shrift.
Why IoT security is challenging
The challenge with IoT applications is that not only do the endpoints need to be secured, but the gateways they are connected to and the networks that link those endpoints and gateways back to a data center are also vulnerable.
End users, of course, have no idea what it takes to provide that type of security. But a separate survey conducted by Auth0 shows that more than half of users are aware of its absence. As a result, many consumers are wary of IoT applications.
On the plus side, manufacturers of processors are working to embed higher levels of security. For example, at an Intel IoT Insights event this week, Intel unveiled a line of Quark processors that can detect anomalies in a way that makes it possible to white list the IoT applications that can run on a device.
Focusing on profit, not security
As is often the case with emerging technologies, though, organizations aren't waiting for security issues to be addressed before ploughing ahead with IoT projects. IT organizations are certainly more aware of potential security issues than ever before, but because of the potential trillions of dollars in revenue these IoT projects represent, many organizations are simply calculating that the potential benefits to the business far outweigh the risks. That means it’s only a matter of time before a few high-profile breaches drive demand for IoT security technologies that will need to be deployed after the business case for the IoT project has been proven in the field.
It’s already apparent that IoT security issues will generate billions of dollars in revenue for IT service providers. However, providers of IoT services need to start thinking about mitigating security risks today that will most certainly cost them dearly later on.