Is technology advancing and evolving faster than our collective mindset?
The latter is an interesting thought, and perhaps easy to confirm when considering connectivity. Today, we have the Internet of Things, and enjoy the hyper-connectivity it provides–if only we could completely trust it. Our security technology is lagging behind, so how do we enhance trust in connected things?
The fact is that our security technology has many failings, and IoT can make it even easier and devastating to be compromised. Fortunately, there are means to enhance our trust in IoT and make its use safer for everyone.
The first thing that needs to happen is increased security on the technical level. That means we need to find ways to reliably verify which user has access to what information on various devices, among other things. One of the many advantages of connecting devices is that you can affect their state from anywhere—but so can anyone else if they penetrate your security measures. So, security measures need to be reviewed and better ones should be extensively tested against any possible threat.
A lot of the burden of responsibility falls on the device itself. As many connected devices can be used in many different ways, each needs to have a measure of self-defense already included. This ensures the simplicity of function for the end-user, while also helping them understand the integrity of their connected devices.
Manufacturers, laboratories and developers need to become as transparent as possible about security and their efforts to enhance it. They need to be able to answer user questions such as how their information is protected in different cases, how IoT devices can defend against malwares or what proof these claims to be true. The manufacturers and developers need to build secure software and hardware solutions and be able to guarantee for their security.
In this climate, the reputation of a manufacturer could become one of the most important parameters when it comes to customers deciding on where they want to buy their devices. And we will have to rely on it as a telling sign as to whether or not our information will be secure and our device networks uncompromised.
The whole subject of cybersecurity, especially concerning IoT, is still very much a gray area. We don’t have enough regulations to help people stay safe. As a user, you need to know who’s liable in case of breached security, and whether or not you can seek help from the manufacturer or a developer. In other words, trust in this context is all about reliance—whether or not you can rely on the device or its manufacturer to protect you. To be able to do that, any commitments, contracts, liabilities, etc. need to be regulated using legal means.
Human-Centric Trust Model
To summarize, what we need to enhance trust in connected things is a human-centric trust model based on technical, social, and legal means. Well designed Security Certification & Assurance Frameworks combine all three means together to provide a level of trust in connected devices. When it comes to cybersecurity, no technological advancement is too small.