IoT Security: Common Sense for Product Developers and Investors
JC Gaillard
After almost 5 years (at least) of constant media coverage around the Internet of Things (IoT) privacy invasions and security breaches, it's staggering to see some sectors of the tech industry apparently still struggling with those matters.
For many analysts, it all boils down to costs; for others, to the limitations inherent to the size of some sensors and the amount of functionality which can be coded on them.
Both aspects are obviously linked (more powerful chips cost more), but the situation is probably more complex and rooted in deeper problems.
First of all, the security of any IoT product should be seen as a functionality, not an add-on, and treated as an inherent component of any application. Basic security good practices will vary depending on the usage of the product but should be part of any Minimum Viable Product (MVP).
As a good business practice, security should be seen as a fundamental requirement for any IoT product.
So why is it not the case with so many products?
Let’s eliminate the issue of costs first of all: yes, security costs money, but when launching a product, every functionality does. The cost issue hides, in reality, a fundamental prioritization problem: the perception by product developers that customers will value other functionalities more. Research has started to emerge over the past few years showing that, in fact, this is less and less the case.
Rush-to-market is also often cited as a cause, but again that points more toward a prioritization failure. An insecure product shouldn't be seen as a viable, market-ready one.
This shouldn't be seen as a side topic in cybersecurity conversations. The Internet of Things is becoming a cornerstone of the digital transformation in many domains. While some security breaches can be laughable, others can have devastating consequences, for example in the healthcare industry.
It's really the culture of some sectors of the tech world which is under the spotlight here, and with it, the short-termism of some of its investors.
Of course, failure to take this seriously can only lead to politicians and regulators involving themselves further to protect consumers and citizens. We highlighted it in a 2015 white paper, and beyond the measures already triggered by the General Data Protection Regulation (GDPR) where personal data is involved, this is now starting to happen across a broader spectrum of the tech landscape.
Frankly, given the virulence and widespread nature of cyber threats, the need to take security seriously and embed it natively into IoT products should be seen as a simple matter of common sense for product developers and investors. Beyond good ethics, it has quite simply become a matter of good business.