Rush to implement Internet of Things 'could undermine security'

city at night

Internet of Things (IoT) companies risk undermining the security of their own sector in the race to deploy new solutions, it has been claimed.

Speaking at a panel discussion hosted by Rackspace, Yodit Stanton, CEO and founder of OpenSensors.io, said that compared to standard devices that transmit and receive data, building security into IoT devices is "different, but not hard".

"You have these tiny processors with not much memory so you can't use keys, for example, but there are very good security chips," said Stanton.

However, she added: "People just don't use them enough, which I despair about. I think there is an element of 'oh we'll just deploy this thing and it'll be fine', because they don't really think about the implications. The technology is there, but in the enthusiasm and in the rush of this new thing we are possibly neglecting [it]."

The IoT isn't just sensors, though and, as fellow panellist and project manager at MongoDB Mat Keep said, security is also a concern for every point the data transmitted by the device comes into contact with.

"Security needs to be laid in at every level," said Keep. "It starts at the device, moves to the edge gateways, then moves across the internet through full encryption, into where the data lands and encrypting it there. You have to look end-to-end at the security controls."

"From our database side, we very early on in the product development built in a lot of security controls to the database to try and form that level of protection, but we're just one piece of the puzzle. If you're not properly protecting the device and the sensors in it, or the network, or indeed the applications that have to access all this data and analyse it, then no matter what security controls you put in your data layer, you are never going to be secure. You are never going to isolate people from potential risk. So this is a huge consideration and a huge concern," he added.

However, Lilian Pang, Rackspace's legal director, suggested that the upcoming European data protection regulations, which are expected to be published in draft form late this year, may help in part.

"The underlying factor remains [that] companies are out there to increase efficiencies for profitability and we can't put that aside and ignore the fact that actually the data of individuals also matter. And this is where regulation comes into play," said Pang.

"With the new general data protection regulations coming out, as an example, this will actually essentially force companies to take a good look at themselves internally and put their houses in order in terms of how they comply with the privacy aspects of what they do," she added.

"That would involve the way that they process any type of information, and most especially information that falls within the realms of being personal data."

Jane McCallion
Managing Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.