IT rarely comes in on time, under budget and works first time – and the Internet of Things (IoT) will be the same.
Speaking at a roundtable at the launch of a report into the security of IoT by Telefonica, John Moor, director of the IoT Foundation said that security is often not built into projects as the cost does not support that part of the process.
He said: “No one wants to go unpatched, so think about the stage of design and how to be secure comes down to design and security.”
Also on the roundtable was Chema Alonso, CEO of ElevenPaths, the cyber unit of Telefonica, who said that anyone with a mature level of security knows that you cannot prevent everything, and need to manage the security of the IoT in the enterprise with a persistent vision.
Moor said that the security of IoT is context dependant and the demands are different from company to domestic, so it helps to break it down to apps, connectivity, and sensors.
He said: “One of the trends is how we continue to be a big society and consume physical stuff, and IoT is about services. It is not about toothbrushes, it is about reducing energy costs. It is at a point of technology where enable and connect everybody – who pays for security and connects it?”
Alonso pointed out that in Spanish, it is the same word for security and safety. “Regulating is hard as you don’t want someone to regulate or do certification and put the product outside, you want to do it for the lifecycle. The biggest issue is managing the lifecycle of security and what is happening on day one.”
Asked by Infosecurity if vendors need to do more, Andrey Nikishin, special project director of Future Technologies at Kaspersky Lab, said that consideration needs to be on the change of the device, and data in motion and data at rest
He said: “The focus is to secure device, but for an IoT device you cannot do security on it so you need to approach from additional to built-in security so devices have security from the beginning. Think safety: but not only security and special approaches and what to minimise. 100% security is not possible, but raise the bar to make hacking difficult.”