Decoding The Security Factor In IoT

by Divya Makhija    Mar 05, 2018

IoT

Vision Summit 2018, a two-day flagship event of India Electronics and Semiconductor Association (IESA) witnessed a myriad of sessions on the Indian semiconductor industry ecosystem, emerging technological trends and challenges. One of the important panel discussions which took place on the second day of the summit throws light on the concerns around security in the world of Internet of Things (IoT).

With the fast-paced technological developments, IoT has become a transformative technological tool for the enterprises. As per the industry statistics, 170 billion were spent last year on the IoT initiatives and manufacturing, retail and medical sector have been the leading initiators. At the same time, enterprise security that is becoming even more crucial as the security vulnerabilities in the world of IoT is likely to double up in the year 2018.

How enterprises are embracing the IoT and having a real security framework in place was the key theme of the panel discussion that comprised of K. Krishnamoorthy, VP & Managing Director, Rambus chip technologies, Bikash Barai, Co-founder, Firstcompass and Akshay Kadam, Solutions Architect, Intel India with Akshat Vaid from Zinnov as the moderator.

Major Security Problems in IoT

The discussion opened by taking up the security challenges of the IoT world. K. Krishnamoorthy, VP & Managing Director, Rambus chip technologies, compared security with the game of cricket. He said, “Security is like the game of cricket, where there are multiple ballers in the form of hackers and one bit of negligence can get the wicket down”.

The panellists discussed the different types of vulnerabilities that the IoT world is struggling with. Bikas Barai, Co-founder, Firstcompass, categorised the flaws as architectural flaws, hardware hacking, operating system vulnerability and applications vulnerability

All of the above-mentioned flaws can be best understood in the context of problems like unavailable or limited software update mechanism, missing key management, inappropriate access control, missing communication security and vulnerability to physical attacks.

Cost Effectiveness of Security

The creation and adoption of a technology is advantageous but keeping it secured is more important to avoid the destructions that could be caused by it. However, various enterprises struggle with the cost factor that is involved in keeping the businesses secured. How to make security inexpensive or cost effective is a question that intrigues most of the enterprises.

K. Krishnamoorthy said, “cost analysis is important while calculating your assets, their worth and how it would affect your business if its compromised.”

The panellist Bikas Barai said that the way internet is defined, and technology is expanding, one should not think of having a “cheap security”. If one wants to have a secured business, it is important to invest in security, to have your business sustain a long way. According to Barai, a paradigm shift is needed in the business models. The industries need to have a viable business models keeping IoT security in mind. 

Standardization of Security

With the diversity in businesses and technologies, enterprises often struggle about how to address the security concerns. Barai spoke about having an “Algorithmic approach” to deal with security issues. The panellists agreed on the need of having a syllabus to be genuinely secured, however, building such a syllabus is a challenge.

Barai shared a 5×5 Metrix model whereby he discussed 5 capabilities and 5 entities to attain security. The model need to have five capabilities which include: identity threats, protection, detection, breach response playbots and capability to recover across five entities which include: networks, devices, data, applications and humans.

The discussion closed with the panellists sharing some best practices for the enterprises from security standpoint.

K. Krishnamoorthy suggested to look at the checkboxes of security before deploying the system. Once the five capabilities have been ensured across the five entities mentioned, security is an achievable task.

Moderator Akshat Vaid concluded suggesting enterprises not to wait to deploy security in the later stage of the business. Security should be pursued right from the designing of the system.