The Security and Privacy Challenges in IoT

Learn about the unique aspects of IoT that make addressing security and privacy for these devices especially hard.

One of the biggest challenges to the broader adoption of IoT (Internet of Things) is the importance of ensuring security and privacy. Given that, the question is what unique aspects of IoT make addressing security and privacy for it especially hard.

There are at least five unique challenges in IoT:

1. Given that IoT is the extended enterprise, the IoT infrastructure extends far beyond the enterprise boundaries into customers’ and partners’ premises. Traditional perimeter technology solutions like intrusion detection are not as relevant.

2. The scale of IoT is 1 to 2 orders of magnitude higher than the scale that security solutions for servers, desktops and smartphones are built to handle. We are dealing with tens of billions of devices or endpoints, so solutions need very high scalability.

3. Low cost makes many IoT devices attractive, but the low cost may also mean that devices have very limited processing power and memory, and intermittent connectivity. This means that device-centric solutions will be a challenge as well. In addition, already-deployed devices may be harder to reach with updates to incorporate security and privacy solutions.

4. Given that IoT is integrated with the physical world through sensors and controls, the privacy risk from a breach is not limited to the digital world but also covers the physical world, and can adversely impact the operations and safety of enterprise assets and their people.

5. The massive number of use cases in IoT makes coming up with a comprehensive solution very complex. The requirements for a Connected Home may be quite different from those of a Connected City or Connected Car or Industrial Internet.

Given these unique challenges, what are the elements of a comprehensive approach to IoT security and privacy? Do we need to worry about securing the IoT data stream or the IoT devices, or protecting the massive quantity of data generated? Is there a place for traditional solutions like certificates and perimeter-based solutions? Watch this space – in the coming weeks we will share a potential approach to address the above challenges.