By GM Krishna
The world we live in today looks drastically different than it did 10 years ago. The catalyst and driver of this large-scale change, undoubtedly, is technology. More specifically, ubiquitous innovations such as the Internet of Things (IoT), have changed almost every aspect of our lives, making things easier, more organized, and fast-paced. All major industries including manufacturing, mining, telecom, retail, logistics, education, and healthcare have witnessed transformation at the hands of IoT, making it an intrinsic part of our everyday business conversations.
In fact, a recent study by Zinnov, ‘India – Emerging Hotbed of IoT Opportunities’, estimated that the IoT investments in India were close to US$ 5 billion in 2019, and are expected to triple to touch US$ 15 billion by 2021. The same study also reported that at the end of 2019, India had 200-250 million connected devices and this number will grow tenfold to touch 2 billion devices by 2021. While IoT is being integrated into our world, and though the benefits and convenience cannot be denied, we cannot ignore the inherent and manifold security risks that come with its increased adoption.
While IoT devices are ultra-smart, they can also be susceptible to threats in the absence of a robust security framework. Such security vulnerabilities make them easy targets for malicious intent, with potentially dire consequences. The potential threat from unprotected IoT devices isn’t just conjecture but derived from several prominent industry findings. For instance, telecom analytics firm Subex, through its report ‘The State of IoT Security in India’, revealed that the country saw 500 critical IoT attacks of very high sophistication and persistence, while nearly 7,900 malware variants were detected in Q2 2019 alone.
The benefits and challenges surrounding IoT security
From collecting valuable data for analysis to improved operational efficiencies and customer experience, the benefits of integrating IoT devices into business operations are undeniable. It is no surprise, then, that IoT is driving an invisible revolution of connected devices in India. However, as established by the aforementioned examples, IoT devices come with security vulnerabilities, which pose major challenges for enterprises of all sizes.
Despite increasing IoT security incidents, businesses weigh the short term cost of building in security to their IoT networks and decide to omit it, without fully considering potential long term consequences. In other cases, organisations may delay IoT security implementation due to complexity, cost, and a lack of a universal standard. More often than not, security is an after thought than an integral part of the IoT device and solution design.
However, security should be key to the IoT implementation process from the offset – building security controls into systems from the get-go is far more cost-effective than doing so later in the development cycle, or after a vulnerability occurs or becomes public.
It is understandable why businesses may find IoT device security a challenge. There is currently only a limited internal understanding of IoT security in the country. IT leaders with an IoT skillset are a limited resource, as a result of the relative novelty of IoT technology – meaning a good number of companies simply do not have the in-house expertise to evaluate and roll out security measures for their IoT devices.
Businesses also struggle with the implementation of security patches for reasons such as complexity or cost. Many IoT devices at the edge run on low power – sometimes even battery or solar power, meaning security patches need to be seamless and easily implemented. This is further complicated by the cost factor – with these devices often costing very little, security solutions need to be cost-effective and scalable at size to be viable for businesses to adopt.
How organisations can approach IoT security for better outcomes
Against this backdrop, how can companies approach their IoT security challenges? While the balance between the trade-off of security and cost are hard to manage, it is still necessary for companies to make security a standard from the outset, instead of an afterthought. Enterprises should be looking to evaluate security as a process and not a product or an option, while prioritizing it as an item in budgets to reap the benefits of IoT.
With the complexities of IoT security presenting a challenge, and with a security skillset as a resource being hard to find, companies can explore secure software libraries as a security option. By consulting with a qualified expert, secure software libraries offer a middle ground between hardware and software security, allowing for the crucial management of edge devices with end-to-end security.
This is how enterprises may be able to secure their IoT presence affordably and at scale, countering the serious risks of unsecured IoT adoption while reaping the rewards that they can offer. As incidences like the SBI attack demonstrate – it only takes one vulnerability for enterprises to be exposed, and as IoT becomes only more prevalent, businesses need to be taking active steps to protect their IoT infrastructure.
(The author is Director IoT Solutions, Asia Pacific, Avnet)