If you're like most people, you've heard of the Internet of Things (IoT). But you likely don't really understand how it will impact your business. Well, that's going to change. And soon. There is so much value that comes from connecting devices for consumer and business applications - everyone is going to get in on IoT.
Let's go back to the basics. IoT refers to devices (everything from personal activity trackers and top-end appliances to lowly objects such as sensors on a piece of industrial equipment) that are connected to a network and communicate with other devices or directly to the cloud. We are still very early days in the application and commercialization of IoT.
Manufacturers are using IoT to monitor expensive equipment in the field such as natural gas pipelines or jet engines. The implications are huge. Gas companies receive alerts when pipeline conditions are approaching dangerous levels, allowing them to take action before an explosion occurs. The possibilities for boosting human health and safety -- not to mention convenience and entertainment -- are almost limitless.
On the consumer side, IoT is being used to connect smart devices such as NEST thermostats and Tesla cars to the cloud, where their data can be accessed by others. So, if your car goes into a ditch, it can automatically alert a provider like OnStar that you need help.
A game-changer for security
There is no doubt - IoT is a game-changer. But the unaddressed security implications are frightening. Just in the past few weeks there have been many headlines about successful hacks into automotive control systems.
Just this week there was a story about hackers using an insurance gadget aimed at collecting driver safety data to gain control of a Chevrolet Corvette. Researchers at the University of California San Diego were able to apply the brakes and even cut the brakes by sending SMS messages to the Corvette's dashboard. Scary, right? Now imagine these were terrorists, not academics, at the controls. And then imagine what terrorists could do if they got control of our natural gas pipelines or our water supply.
Needless to say, when it comes to IoT, security is paramount. There are two aspects to IoT security. First comes when the devices sends data over the cloud or network. That data needs to be protected in flight.
Then there is another level that arises when the device can accept data or be controlled remotely. There, the first question is who can gain access in order to send a command? Is that person who he says he is? How should the user be authorized? What kind of device is it and is human safety involved? Classic information security measures can't begin to provide enough protection in these scenarios.
Maybe the user should have authority to control one aspect of the device, but not everything, only in certain contexts and for a certain time period. This is a complex picture. And you can't have a heavyweight security protocol or appliance guarding the door. These are small devices with limited computing power and memory. The security mechanism has to be simple and lightweight from the standpoint of the individual device. Central policies must be put in place to manage devices.
Authentication and authorization are central issues for IoT security. And most developers of these systems build in their own concepts of security. Most are rudimentary and not based on standards. This whole area gets daunting very quickly.
Then there is the question of scale. Many security systems today manage users in a semi-automated fashion. There are a lot of manual processes involved. That is no longer acceptable when the IoT installation begins to scale up. You need an automated way of bringing new devices online and the process needs to be done securely.
Ping's Identity Defined Security platform is architected to support foundational components of IoT security. We are actively looking at existing protocols like SCIM (for cloud provisioning) and NAPPS (for native application security) for applicability to IoT, but currently, there is no standard for IoT security. That is a huge concern. IoT holds much promise but won't be able to go far without it. Take a moment to read, Standardized Identity Protocols and the Internet of Things, that takes a deep dive into the IoT and how its full potential can only be realized by standardized identity protocols.