2015 was a banner year for hacking. Security researchers demonstrated that it is possible to remotely hack and control vehicles, hack a pacemaker (thankfully it was in a medical dummy), steal Gmail credentials from a smart fridge and even hack a Barbie doll. As if the traditional security vulnerabilities presented by modern technology weren’t challenging enough, the widespread adoption and use of IoT devices have ushered in more potential security traps and new performance challenges that were not concerns a few years ago.
If we divide IoT security by platform, we are looking at cloud management security, network security, and end-point security. Our focus here is ensuring network reliability and security.
Maintaining network performance, reliability and connectivity while minimizing network latency is difficult for IoT devices. Most early IoT devices were not built with network load or security in mind, and their high rate of adoption has caused some unintended problems. The number and nature of these devices, the amount of information they send over their networks, the number of connections and the 24x7x365 nature of their activities present unique challenges. These include:
Mobile Device Management (MDM)
As individuals and enterprises add more devices to the IoT, it becomes more difficult to manage them individually, creating the need for more and better device management services. Because most device management services are cloud based, the communications between them and the devices that register with them are going through the Internet, and are visible to hackers. And although MDM helps to address the serious problem of managing devices, it also creates more opportunities for hackers to access the devices by masquerading as the management service, or even hacking into the service and accessing the device from the service itself.
Identity Management
Because people use so many sites, it becomes painful to register for each one individually. It takes time. And who can remember all those passwords? As more services offer social media login from Facebook, LinkedIn, Twitter, and other major sites, it becomes easier for hackers to gain access to all of a person’s services through a single login. And even if you do register individually, you have so many passwords, you probably keep them in a file somewhere. Hackers love that.
Remote Device Monitoring
Like any other device, IoT devices need to be monitored for performance, reliability, and security. And like MDM, most monitoring services are in the cloud, meaning the monitoring data is traveling over the Internet, which is not only another opportunity for hackers to access the devices being monitored, but even the monitoring data itself can be used by hackers to find out more about the devices, the networks they are on, and the people using them.
Network Routing
As the IoT gets bigger, it will have to continuously grow with more hardware and software. Each piece of hardware and software is an attack target for hackers. And as new hardware and software become available, there will be new vulnerabilities that hackers will find and exploit, and developers will have to patch. Yes, it is a vicious cycle.
Freedom vs Security
As the IoT becomes more central and necessary to the lives of everybody on this planet, more and more laws will be passed to protect the people who use it from hackers. This raises the age old question about whether the security through legal policy is worth giving up the civil liberties and privacy protection required to achieve it. Remember Braveheart!
The challenges that IoT devices now present shouldn’t come as a surprise. The Internet of Things has only gained real momentum in the past two or three years, so it isn’t realistic to expect two decades of security and networking expertise to be incorporated overnight.
Fortunately, there are a few effective ways to monitor these networks. Although IoT devices are different from normal end-points, you can still monitor device activity, status, connectivity, potential vulnerabilities, unauthorized access, performance metrics and more using network performance monitoring tools. If you have a solution capable of providing visibility into IoT, you can create a baseline for your IoT devices over time to identify anomalies more easily. An in-depth understanding of “normal” network activity levels greatly helps with troubleshooting and identifying network issues and security risks.
While we enjoy IoT devices and everything they enable in our day-to-day lives, visibility is critical to ensure network reliability and security 24x7x365.
Mandana Javaheri is CTO of Savvius.