Report: IoT security products face huge challenges
Network security, device authentication and encryption are the most currently successful strategies for securing Internet of Things systems, with identity management and emerging tech — including security analytics and blockchain — likely to join them over the next one to five years, according to new research from Forrester.
The report, “TechRadar: Internet of things security, Q1 2017,” defines “the use cases, business value, and outlook for the 13 most relevant and important technologies for delivering IoT security,” it states.
Encryption “is an essential IoT security best practice,” states the report, because of the high stakes implicit in the use of IoT technologies. “Many IoT scenarios now involve automation of industrial, business, and personal processes. This may create business value, but it also introduces scenarios where breaching … can lead to destruction of property and equipment and even personal safety issues.”
Network security and device authentication are part of an essential “end-to-end architecture” required to secure deployments “from the IoT device to the cloud back end.”
Blockchain is just beginning to emerge as a security solution for IoT, according to the report. “The success of IoT blockchain will depend on its ability to scale and achieve the required performance for the highly distributed IoT environment.”
As for security analytics, the report’s authors state, “The proliferation of IoT devices generates large amounts of device data that, if security teams can harness it effectively, [will] identify potential IoT attacks and intrusions, especially those that may have bypassed traditional security controls.” They warn that use of security analytics “requires high-fidelity information streams and significant tuning to avoid reporting of false positives,” adding that the growing use of analytics “may increase demand for processing power at the edge of the IoT network.”
Identity and access management solutions “provide full life-cycle capabilities to provision, register, and de-provision IoT devices and associated identities and to provide policy-based access to those devices over time,” the report states, adding “IoT IAM is emerging as an important capability to help enterprises and service providers manage and secure relationships between identities and IoT devices.”
The report, based on more than two dozen extensive interviews with vendor and end user companies and industry experts, lays out a series of reasons why the challenges for IoT security are likely to be so severe. These include:
- A “lack of clarity” about which of the many players in the IoT ecosystem — from device manufacturers, to service providers and resellers — should be responsible for privacy or security.
- A “plethora of IoT standards and protocols” creates “interoperability challenges … [and] breed[s] complexity and increase[s] security threats and vulnerabilities due to difficulties in applying consistent security policies across all devices and protocols.”
- The “sheer volume of IoT-related devices and data exhaust can make security detection very challenging.” Unlike traditional networks with thousands or tens of thousands of endpoints, IoT networks can have millions or tens of millions.
- Most IoT devices “lack basic security measures and protocols.
The authors conclude that while awareness of the vulnerabilities and security risks of IoT is growing, “There is no single, magic security bullet that can easily fix all IoT security issues. As a result, security pros will require a wide range of security technologies to help protect IoT deployments.”