Can We Secure the 'Internet of Other People's Things'?
This is truly the Wild West. There are no IoT-related regulations involved at this early point—security or otherwise. Any entity can have as many IP addresses as they desire for use in any way they want. Scale-out IoT isn't an issue; there appear to be no limits on the size and scope of networks, as long as there is bandwidth to run everything. With more entries into the Internet come more on-ramps for hackers. How will we stop a malicious third party who takes control of 1 million or 10 million inanimate devices? What will happen if that malicious third party decided to launch attacks using all those devices? This is happening now, and it will only be happening more often, but with more zombie devices. Security experts and industry organizations, such as CyberTECH and CyberTECH Maryland, are doing well to get key decision-makers from the government, military, utilities, vendor community, education and the investment community together to discuss issues, such as information sharing, new products and trends. CyberTECH Event a HitAs the IoT gets up and running, where is all the new data gathered from all the new devices going to live? The answer is the usual places: storage arrays, networks and servers on-premises and in the cloud that are hit all the time by hackers. But conventional protection of storage silos and servers has not succeeded. We need to get more granular with data security. New security schemes are now being built for this possibility, but it may take years for them to replace entrenched legacy enterprise security systems. Individuals can move faster on this. Until we start maintaining each of our own corners of the Internet with more care, our own devices will eventually become part of the IoOPT and in the control of bad actors. In fact, many of our devices are already part of that "bad actor" setup, and we don't know it. Thus, the security and privacy of individual data files, using encryption and federated or two-step authentication whenever possible, is where this is all leading. Next-gen security will add a data-centric—not a system-centric—approach, and the industry is already moving toward it. eWEEK hosted its April eWEEKchat, titled "Can We Secure the Internet of Other People's Things?" Here are some representative tweets from the eWEEKchat, which attracted a knowledgable community of commenters and lots of interaction back on April 8. @IMJustinKern: I'd invest in discovery, to know what's important; and data-centric encryption, for protection. #IoT gadgets will come & go. @wisegateIT: Make it a business priority, not just a security priority. We'd suggest having security champions in other departments. @WilHarm3: @FestaAtDell Security should be specific to the service; sounds like a lot of work, but necessary. @JacksonShaw: Securing the data assumes you have some control of it. More importantly, it means you know it is there! How do you discover? @IMJustinKern: No more perimeter, devices are boundless. Data-centric seems vital. Now, getting people to perpetually use security ... (that's another question). @TechJournalist: It's not just about data—but also about user privileges & access control. @moonsdearson: I would rely on cloud, since it's the focus for security, and hence more investment would naturally go there. By the way, our next eWEEKchat is Wednesday, May 13, at 11 a.m. PT/2p.m. ET on the topic of "Software-Defined Data Centers and the Changing Role of IT Hardware." eWEEKchats are held every second Wednesday at the times shown.
A 90-minute discussion at RSA on April 22, hosted by San Diego-based CyberTECH on this very topic, was attended by about 60 respected thought leaders, including White House Cyber-security Policy Chief Michael Daniel, former Symantec CEO Enrique Salem and Chertoff Group Principal Analyst Mark Weatherford. Here is a link to that discussion.