Security and the Internet of Things
November 24, 2015 | DevOps | joanna mastrocola
Today, it seems everything is automated. I can set my coffee pot to begin brewing at 6:30AM sharp, turn my lights off with a remote control, and start my car from bed on a cold winter morning, all with the push of a button.
Once you start going digital it’s hard to stop; you want to automate every single part of your life. I can travel to any destination, regardless of whether I actually know how to get there, trusting my car’s navigation system to lead the way. Heck, some people can even turn on their home alarm system or adjust heat settings all from their smartphone. By 2020 the amount of Internet-connected things will reach 50 billion. These numbers are exciting, as they mean that we will become more efficient and technologically advanced. Although the Internet of Things (IoT) is making our lives so much simpler it can also pose security concerns. As automation increases it is important that more security measures are also taken so we can safely reap all the benefits the IoT has to offer. We cannot forget that without proper security, we are putting ourselves at risk.
What seems to be less talked about are the potentially negative effects of the IOT. We heard about the Jeep wifi hack a few months ago. Although that scenario was planned, the fact still remains that it was possible. In the next five years, approximately 90% of cars will be connected to the internet. A study from consulting firm McKinsey & Co found that 90% of accidents will be eliminated thanks to self driving cars, as cars will be able to effectively communicate with one another, avoiding collisions and making the road a safer place to be. However, if people can hack into our car systems and run them off the road, does this statistic make much of a difference?
As drivers, we can practice safer driving while behind the wheel but we can’t protect ourselves from being hacked. If all of the car wifi systems were breached it would pose devastating effects for drivers and manufacturers alike. One of the newest technologies is automated weapons, helping soldiers deliver more precise shots. This seems like a fantastic development to avoid bystander casualties, and it is, until the opposition is able to hack into those weapons and change the intended target.
Healthcare is one of the newest industries the IoT is predicted to improve. With pill bottles that remember when they were last opened, wireless devices to monitor heart rate and body fat percentages, and digital glucose testers, it is much easier for patients to practice at-home-care. Doctors are able to track all of these statistics to make sure their patients are well, avoiding unnecessary trips to the office. These devices also let doctors take care of more people throughout the day. But as our data is being sent back and forth to different devices, and stored in multiple data centers, it is at risk of being compromised, especially if the third party vendors don’t take proper security precautions.
With an increase in devices that connect to the internet there is a natural increase in points of entry for hackers to access our data. As more industries automate, more sensitive information will become vulnerable. Our medical records, social security numbers, passwords, and alarm codes are just some of the data that is at risk. There have already been extensive breaches just by having credit cards and digital medical files… If our stance on security remains the same, imagine how much worse it will get when everything is digital. You might not think someone hacking into your wearable device is a problem, but if hackers install malware that uncovers all of your passwords and is able to access your smartphone, all of your personal information and accounts could be compromised.
IoT takes human interaction out of the equation; instead we have machines making decisions for us. It might seem more precise to have computers zeroing in on our target or deciding when it is safe to change lanes; however, these methods are a lot more volatile than those of human operators if not properly secured.
In order to reap all the benefits the IoT has to offer, we need to make sure that security is a chief factor going forward, specifically as it relates to Identity. The enterprises developing these exciting technologies need to be able to place an identity on all of their devices, users, and machines that contribute to the development, testing, and production of IoT. With these newly-created identities, enterprises can then manage the authorization and authentication of their environment for maximum control and compliance. Without this important data, organizations will be flying blind with no insight into who has access to what, when.
At Conjur we help companies solve this very problem. To learn more schedule a demo here.