We as an industry have not fully developed IoT cyber security requirements. Cyber security is a massive business focused on preventing problems before they occur, identifying problems after they occur, tracing problems to their sources and plugging holes when found. Cyber security often feels like an intersection where the movies of Hollywood and the very real world collide.
On 6 February, 2014, CSG International launched Invotas, a new software and services business unit focused on enterprise security solutions. This is a very interesting play for a company that has tremendous experience in managing and analyzing transaction-based data across carrier-grade networks. CSG has focused on large-scale enterprise operations for years, but has now created a dedicated business unit to compete in this critically important technology area.
MachNation is excited to ponder the offerings that CSG could bring to IoT cyber security. CSG has the assets, knowledge and human capital to address the security issues that impede adoption of IoT solutions. In addition, communication operators might find these CSG offerings beneficial as value-added services and differentiators in their IoT/M2M offerings. As we have discussed in the past, operators are looking for ways to differentiate their connectivity-only IoT solutions, and security-related services are in high demand from their enterprise customers.
What are four of the impediments to securing all those billions of connected IoT devices?
1. Myriad device types. If you think there are a lot of device types in the traditional IT world, think again. In the IoT world, connected devices span the gamut from small, solar-powered sensors in wheat fields to high CPU, IoT computers on manufacturing equipment. Some of these devices have an operating system, some do not. Some of these devices have on-board applications, some do not. Providing enterprise- or carrier-grade security in this type of world is fiendishly difficult.
2. New cloud-based platforms and applications. Many of the platforms and applications being built and used for IoT solutions are fairly new and/or offered by vendors that are fairly new. We are not insinuating that new solutions and vendors are not secure, but sometimes the test-of-time is a good one for proving the quality and safety of a solution.
3. Heterogeneous networks. IoT solutions run over heterogeneous networks. Anytime there are multiple networks used for a single solution, there is a security vulnerability — especially at the point of intersection between networks. Providing carrier-grade security at these points is critically important to prevent and detect any cyber security issues.
4. Lack of standards. Many IoT standards are in their naissance. Without standards it becomes very difficult to create effective security products. In essence, all security becomes a custom-developed service to respond to each unique security requirement. Standards for IoT devices, communications protocols and industry-specific applications would assist in the development of more common approaches to IoT cyber security.
For more information about IoT security from an enterprise implementation-based perspective, we recommend two articles by Thorsten Bux, IoT Project Leader at Bosch. In his first article, he looks at threat analysis and creation of a security map. In his second article, he provides a technical view for securing an IoT application. We recommend you read both if you have an interest in this topic.
We look forward to hearing more about CSG’s work in enterprise cyber security. This burgeoning area of technology development is critically important for the success of the IoT ecosystem.
Stay connected for more IoT updates from MachNation.