Newsletter

Selecteaza Domeniu:

IoT Security Costs are Manageable

 

Internet of Things device security has become more critical than ever, as the risks now outweigh the opportunities when it comes to potential threats to an individual or even an entire government.

 

Gone are the days of security-through-obscurity for connected consumer products. Designers can no longer ignore the risk that a potential security compromise poses to their brands.

 

As a result of growing concerns, U.S. lawmakers recently introduced the Internet of Things Cybersecurity Improvement Act of 2017, which seeks to impose minimum security requirements on devices purchased by the government. While the proposed legislation focuses on public sector IoT, it is a likely stepping stone to broader regulation of security in all IoT devices.

 

The lack of security in IoT devices was generally not due to lack of leadership or engineering capabilities; rather, it was a market failure. Devices were insecure because it didn’t make economic sense to implement an appropriate level of security.

  

But brand-conscious leaders of companies that manufacture connected devices are starting to consider what’s called the annualized loss expectancy associated with security risks. Product stakeholders are quickly becoming aware that improper security is no longer a negligible risk to their brands.

 

The lack of security in IoT devices was generally not due to lack of leadership or engineering capabilities; rather, it was a market failure. Devices were insecure because it didn’t make economic sense to implement an appropriate level of security.

 

But brand-conscious leaders of companies that manufacture connected devices are starting to consider what’s called the annualized loss expectancy associated with security risks. Product stakeholders are quickly becoming aware that improper security is no longer a negligible risk to their brands.

 

With some straightforward strategy in hand, device makers can reduce this risk and meet customer expectations without undue impact on their business models.

 

Digital security and privacy live on a spectrum, from complete openness to extremely powerful cryptographic protection. Heightened security will always come with downsides, including negative impacts on:

 

  • User experience: Authentication and provisioning cryptographic systems always introduces extra and often cumbersome steps for users.
  • Product cost: Complex cryptographic operations or the need for secure storage can increase significantly the cost of silicon.
  • Cost of development: Digital security can constitute a significant portion of the engineering development cost for an otherwise simple device.

 

As with all design trade-offs, costs can be greatly minimized by making decisions early in the design cycle, during initial requirements gathering, feasibility studies and proof-of-concept work. Business stakeholders need to work closely with the engineering design team to understand the technical implications of digital security and map them to potential business risks.

 

With some additional planning and understanding of potential trade-offs, the digital security market will better be prepared to get ahead of any attacks to make IoT devices safer.