Poor Security Key Management Poses Cyber-Threat to Internet of Things
NEWS ANALYSIS: Machine to machine communication is ubiquitous across the Internet, but poor security key management makes it an inviting pathway for massive cyber-attacks.Security in the world of machine-to-machine (M2M) communications is a mess, according to Tatu Ylönen, founder and CEO of SSH Communications Security in Helsinki, Finland. Ylönen told me as we met over breakfast near Washington, D.C., that few IT managers and even fewer C-level managers really have an inkling of the security risks posed by M2M communications, which run constantly in their businesses every day. Ylönen, who is the inventor of the Secure Shell security protocol, said the vast majority of communications between servers, virtual machines and even within virtualized environments use authentication that takes advantage of Secure Shell public keys and the SSH protocol. He explained that nearly all communications controlled by applications to retrieve or process data, exchange data with other applications or even communicate between different parts of applications use SSH authentication. Likewise, the devices in the Internet of things authenticate their presence on the Web using SSH.
Now, Ylönen's company has received the results of a study by Forrester Consulting that examines the state of penetration of M2M communications in companies. The study found that virtually all companies use M2M communications in some way, and well over half, 62 percent, expect that to increase.