From the Developer’s Perspective - Navigating the IoT Security Storm


Businesses have been rushing to take advantage of the Internet of Things (IoT) for some years now. The early IoT has been a ‘gold rush’, with entrepreneurs jumping in to secure their share of an exciting and rapidly growing market - one that is expected to reach $933.62 billion by 2025 according to findings by Grand View Research.

In this gold rush, and the race to realize the market’s potential, many companies have been deprioritizing security. Marry this with a new security breach being reported almost every week, and we have a problem.

The growing threat
The past year has demonstrated for many that while software updates have not become substantially easier for end-users to manage, the frequency and impact of security vulnerabilities make the process unavoidably necessary.

It is no longer acceptable to consider any connected software a finished product: software maintenance must stretch to cover the lifetime of the product.

In 2017 Canonical carried out research with IoT professionals, which showed that over two thirds of respondents felt that a lack of agreed industry security standards worried them when it came to IoT.

Although both the UK and US governments have started to introduce regulation around IoT security, there is no standardization in place as yet. There has also been a focus on regulation when it comes to consumer devices, but the reality is that IoT uses spread far wider than this.

Further compounding this issue, nearly a third of respondents claim they are struggling to hire the right talent when it comes to IoT security.

So the problem exists and is widely recognized, but without the right skills, businesses are relying on their developers to ensure that their software is robust.

The liable developer  
Developers can trade the evolution and growth of their software for a sense of safety by treating their code as immutable: it ships and is never updated. 

Alongside this, the surface area of software is increasing. The industry continues creating ever more software components to plug together and layer solutions on. Not only does the developer face the update question for their own code, they must trust all developers facing that same decision in all the code beneath their own.

Expectations are expanding, and so are responsibilities. Developers are no longer just makers, they now bear the risk of breaking robotic arms with their code, or bringing down MRI machines with a patch.

As an industry we acknowledge this problem – you can potentially have a bad update and software isn’t an exact science – but we then ask these developers to roll the dice. How then can developers under these pressures deliver on the promises of their software with predictable costs? 

The confidence to build
Developers are at the core of everything innovative being done within technology today. But as software-first companies are launching all the time, placing untold pressure onto these teams, there needs to be a compromise - and it shouldn’t be in security.

We’ve seen in the past year the kind of damage that cyber-attacks can cause; the stakes are too high to ignore the capabilities that open source tools can offer.

Developers should, instead, build products at a speed that strikes a balance between releasing new features to stay at the forefront and maintaining the security and integrity of the platform they are building upon. By following this lead, developers will have the time and, crucially, the confidence to continue building great things.
