If you’re like Lancen LaChance, GlobalSign’s VP of Product Management for the Internet of Things (IoT), you spend your nights thinking about the unprecedented value and opportunity the IoT presents, while also worrying about how to secure it all. As more IoT systems move from the drawing board to production phases, it’s more important than ever to keep security top of mind.
We sat down with Lancen and spoke to him about some of the challenges and opportunities that are surrounding IoT security and what we can do to increase adoption, while still maintaining a safe environment.
What Does the Term “Internet of Things” Mean to You?
The Internet of Things is an extension of connectivity into a broader range of our environment which enables greater data insights, analytics and control capabilities of our world.
From our perspective, we like to think about the Internet of Everything (IoE). This is because while the ‘things’ in the equation are the key driver in some of the new components of this internet evolution, there are still the critical existing components of the Internet (servers, applications, users, organizations and more), with which all these ‘things’ need to interface and interact.
What Are Some Real World Applications of IoT Technology? Where Do You See It Adding the Most Value?
The demand for connected devices spans multiple industries, including energy, automotive, consumer devices, healthcare and more. Ultimately the potential in solving real-world problems is only limited by your imagination and time horizon to consider.
However, if we limit that to the next three to five years, there are some key areas we could address. From a business perspective, I see two basic areas an IoT solution can impact the bottom line – optimization and enhanced features. The first is the ability to enable improved efficiency and thus improve the cost drivers in a business environment. The second is the ability to add new features into a product or service which aid in competitive differentiation, adding additional value to the buyers of the product/service and allowing the provider to collect additional revenues.
From our perspective, we see tremendous value and interest in applying these technologies to improve efficiencies within more industrial and manufacturing sectors. Improving efficiencies and reducing waste in these environments by even a couple percentage points has great impact on the bottom line. In the medical space, connected healthcare is not only improving the efficiencies of healthcare provider operations, but the integration of health data with machine learning, analytics and remote response capabilities, resulting in healthier patients.
I think the biggest opportunities lie outside some of the “flashy” consumer-level devices like wearables, thermometers and smart refrigerators. Don’t get me wrong; they are important, but breaches in these systems don’t necessarily create emergency situations like they would in the industrial sector.
The Industrial IoT includes critical machines and sensors in high-stakes industries like defense, automotive, aerospace, energy and healthcare. The industrial sectors will see tremendous benefit from the IoT. Government and municipalities also have incredible opportunity to reduce costs by improving efficiencies. And of course, technology vendors with IoT-specific solutions that are responsive to these new markets will have a huge opportunity.
We’re very interested in IoT in the industrial and manufacturing environments, automotive and in the networking space. These areas are specifically interesting to us due to both the potential business value IoT presents, as well as the security requirements of those environments. Security in these systems is paramount and must be adaptive and scalable.
Related:-You The Leader (Book Review)
What Are Some Technical Considerations for Implementing an IoT Solution?
At a basic level, the solution looks at the means you choose for gaining data from sensors on a device/platform, getting that data to the decision making entities in the system and potentially getting control commands back to the device from a decision making entity – doing this, while also being efficient and secure.
The Internet contains a range of existing technologies to enable this, both in specific protocols and software stacks, but also in architectural models. However, as additional constraints of hardware, connectivity, power and volume of data are introduced into the systems, novel approaches and technical solutions are being applied. In this area, we see trends such as Low Power networks, adoption of lighter weight cryptography like ECC, mesh and gateway-based networks all being implemented to arrive at these solutions.
What Kind of Skills, Technologies, and Systems Are Needed to Develop IoT Systems or Applications?
IoT is ultimately going to force deep experience in a range of technologies in both hardware and software. We will see some of the most complex systems in human history built over the next decade and therefore there is also a meta-layer of systems engineering that will be essential to the success of these environments.
The range of hardware environments is exploding. The device lifecycle becomes increasingly important. Ideally, I’d hope that the implementations stand on the shoulders of technology giants and leverage proven and widely deployed approaches as much as possible.
What Are the Most Widely-Used IoT Technologies So Far?
In the first iterations, we definitely see IoT solutions being like smaller versions of existing Internet, leveraging TCP/IP and Wi-Fi. In security technology, we see tremendous interest and application of PKI, as devices are able to handle cryptography quite well. It scales to billions of devices and provides a means toward a range of information security principles.
What Barriers to IoT Adoption or Development Do You See?
Brownfield deployments will certainly be a factor – where legacy equipment and technologies are being retrofitted, or upgraded with new capabilities.
Appropriately assessing the information security risk and applying architectural and technological solutions to mitigate will be difficult. We see trends where organizations who have excellent operational capabilities in manufacturing physical products/equipment, but are now looking to fold in new connected IoT type capabilities and they have not fully brought in the appropriated software development and information security mindset into their organization.
In some cases, the organization is just honestly ignorant of the risks. In other cases, they’ve made faulty decisions to postpone or not address appropriate information security practices based on assumptions that they can build it in later or even that a potential compromise impact will be small.
How Do You Propose Meeting Some of These Challenges?
The Internet of Things is a natural extension to the capabilities the Internet of today provides. GlobalSign has worked in a number of IoT related security implementations over the past few years and is keenly in tune with the evolutions and nuances at building trust models and applying proven technologies into this new dimension of the Internet.
PKI is a tried and true standard that has been securing connections between servers, machines and devices for decades. It provides key information security capabilities, including authentication, encryption and data integrity and with GlobalSign’s high volume services and agile certificate profiles, it can be adapted to meet the velocity, variety and volume needs of the IoT. And our IAM infrastructure enables the complex relationship management (e.g. hierarchies, delegation, self- or automated enrollment) needed to support the scale and heterogeneity of IoT ecosystems.
Most importantly, we believe components of an IoT environment must be flexible, functional and easy to use, thus not compromising the user experience. And to meet these qualifications, there is no question that security must be designed into IoT systems from the beginning.