Channel technologies, Channel technologies, Networking

Internet of Things (IoT) Security Is Like Running Before You Can Walk

Author: Graeme Batsman
Author: Graeme Batsman

Take a baby or toddler which of course is where the phrase comes from, it first crawls, walks, climbs, runs and finally cycles. Security should be the same, first you should secure your home, office, data centre and then move onto the network, endpoints, websites, email servers etc.

Many companies have not done much of the above. Take various City of London offices, LCD screens with users on are sitting next to windows. Good front office access control maybe but you can look over someone’s shoulder from outside.

Then you need to secure the network with the use of hardware firewalls and IPS (intrusion detection prevention). Mail servers and webservers are next since they face the world wide web and further down the line is endpoints.

Makes sense? Likely to some. The problem is companies are struggling to secure their normal network because they do not understand the risks or care. Plus, there is a shortage of products which actually work and a global shortage of skilled staff.

Move onto IoT (internet of things), if anyone including home users is struggling to secure their conventional kit why move onto IoT which can add a physical element into the equation? Webcams, CCTV, heating/electricity control companies do not put much effort into security.

Home users and some businesses simply follow a “craze” and run out there and buy everything their friends or colleagues have. Wealthy home owners get everything plugged in and it goes through the generalist home router/modem.

Do people really need to turn off their iron or open the curtains from outside the door? Not really but it sounds cool. Actually securing these devices with hardware and labour would likely cost more than the IoT devices itself.

“When fridges attack” is a good example. The fridges in question were/are made by well-known manufactures not a cheapy firm no one has heard of. Two years ago there was a story about a hijacked baby monitor. Now the physical and cyber worlds collide.

The next time you go out to buy something for your home, think is it secure, can you secure it and do you need it. I have barely seen a company which has a web page dedicated to the security, testing and certification of the hardware they are selling.

Graeme Batsman is senior (technical) cybersecurity consultant at Capgemini. Read all Capgemini blogs here.

Sponsored by Capgemini

With more than 180,000 people in over 40 countries, Capgemini is a global leader in consulting, technology and outsourcing services. The Group reported 2015 global revenues of EUR 11.9 billion. Together with its clients, Capgemini creates and delivers business, technology and digital solutions that fit their needs, enabling them to achieve innovation and competitiveness. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative Business Experience(TM), and draws on Rightshore®, its worldwide delivery model.
Learn more about us at www.capgemini.com.