IoT Agenda

Apr 24 2018   2:12PM GMT

Now and later with IoT: What to consider regarding cost, reliability and security

Rick Vanover Rick Vanover Profile: Rick Vanover

Asset management
CIA triad
Internet of Things
IoT devices
IoT hardware
iot security

The benefits of deploying IoT are becoming clearer for many organizations, especially when the use case is identified for a business problem solved with IoT (see my other article for more on that). However, once an IoT technology “sticks,” additional security considerations prior to deployment may not be top of mind — but they should be.

Device security should be incorporated into any design, and IoT deployments are not exempt. The general approach is to use the CIA triad: ensure the confidentiality, integrity and availability of the technology. While there are many debatable concerns around the security of devices, such as smart locks, there also are concrete examples of internet-connected devices posing a security risk with default passwords. The viral video demonstrating how an internet-connected carwash using default passwords can be exploited helps put the urgency of securing IoT devices into perspective. Weak and default passwords on IoT devices and platforms can even put personal safety at risk. When securing IoT devices, seek integration with existing certificate frameworks.

Photo by dylan nolte on Unsplash

From a reliability perspective, cascading failure is a consideration as well. Consider a smart refrigerator that could run the risk of being “bricked” due to an IoT device failure, misconfiguration, malicious use or bad firmware. If in a hospital use case, unreliable devices could risk ruining a very expensive inventory of medicines that require climate control or even put lives in danger. Device reliability may also be a consideration over time as conditions may change. Temperature and other atmospheric factors, quality of network connection, changes in network equipment and changes in logical configuration (such as routing to the internet) may all introduce small and seemingly irrelevant changes to an environment, but IoT devices may respond unexpectedly to these changes.

From a cost perspective, consider a fixed device removal (and replacement) date or cycle. Just as capital expenditures like PCs and desktops have a three- to four-year life span, IoT assets should have their own asset management cycle. The details of that cycle will depend on factors such as the device, cost and use case, but also consider the process for spare part management, both from a supplier and, possibly, from a private inventory within the organization. A fixed removal date also provides a possible remediation for vulnerabilities that emerge in the future for IoT devices, because updating them may be daunting. Additionally, we should expect that capabilities will increase and costs will decrease for individual devices over time.

While this view on IoT may seem alarmist, a single catastrophic failure or breach could wipe out any IoT benefit. The challenge today is to design with these considerations in place to avoid an unforeseen challenge that wasn’t addressed ahead of time.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: