Secured IoT Just A Delusion Away!
I reached out to an old colleague to get some input on how different organizations are working to achieve secured IoT platforms. To my surprise he did not see it any different from securing anything else. Regardless of the many unique aspects of IoT Security I threw at him, nothing resonated. It was then that I realized that many in the industry just don’t realize the perfect storm that they are being hit with.
My colleague just did not share or buy into the challenges of distributed IoTs, their cloud application dependencies, resource limitations or proprietary hardware and software. He had quick answers for everything. Segmentation via VLAN, Communication — Route Control. Access Control with firewalls. He was convinced the tools, process and procedures he had developed over the past years would work just as effectively for secured IoT as it does for secured enterprise.
For some, unless Cisco has a product to address a problem, the problem does not exist. They have deluded themselves that when it comes down to it, the industry behemoths will provide. But keep in mind that success for the behemoths means squeezing every last bit of profit from their investments in current technologies. So it’s fair to say they are not jumping to be the tip of the spear. They are in the rear, with the gear – literally.
For many, secured IoT is achieved with “proven effective methods” using “proven effective products” to achieve “industry standard” security. But are these methods and products really proven or effective for that matter? And what does industry standard security mean?
For the past 30 years, the industry has been handling security the same way. Identify a singular target silo that needs to be secured and buy a bunch of high-priced disjointed security products, then pay different high-priced security people to set each of them up, and another set of high-priced security administrators to keep them up-and-running. Oh yeah – along the way you keep an eye out on security – when your team gets a chance – and hopefully you have the right products – and the right people – and some means of consolidating the different outputs and piecing them together to have digestible data.
There is a well defined and proper order to this effort: identify, evaluate, select, acquire, implement, integrate, operationalize, monitor, manage, troubleshoot, refresh – Lather – Rinse – Repeat! It’s fair to say that 90% of most organizations’ security resources are focused on keeping their security products functional and not security. And a good portion of the people employed in the security industry are product experts first and foremost.
What has this traditional model gotten us? Between the hacked social media, hacked Internet services, hacked financials, hacked power grid, hacked political parties and hacked elections we are more exposed than ever. We have compromised records that are in-the-wild numbering in the hundreds of millions. Moreover, the US and EU are both facing their own existential crisis because of it. All of this happened only in the last few years and to organizations that could afford security. What about mid-size and small operators that have limited funding and access to expertise?
It’s time that we as an industry admit that the product-centric security model is not just a failure, it’s a breathtaking failure. And we are only in the early stages of distributed compute era. Imagine the challenges that have to be overcome to have properly secured IoT platforms. Here are some comparisons of what is standard with enterprise security today and the emerging challenges to have secured IoT.
- Intel based multi-purpose standard hardware vs. imagination driven purpose-built proprietary hardware.
- Mac, Linux or Windows vs. Many Operating systems that are as of yet undefined.
- Near unlimited resources and power vs. resource challenged devices with limited access or even finite power resources.
- Localized technologies you can touch vs. highly distributed devices around the city, state, country or the world.
- Technologies that operate in concentric networks vs. those that operate on may different public or private networks.
- Lifespan of 3-5 year enterprise technologies vs. 8 – 20 for IoT Technologies.
Secured IoT is already starting to devastate today’s industry standard enterprise security approaches. We can either delude ourselves into thinking that the product companies will fix the problem or we can take control and define our own success. As Gene Kranz, the venerable flight director of the troubled Apollo 13 mission said: “Work the Problem”. Let’s take Gene’s advice in this era of distributed, mobile and dependency compute. Let’s work the problem, not the product!
Learn more about the differences between Enterprise and IoT Security by downloading our Infographic here.
About Acreto IoT Security
Acreto IoT Security delivers advanced security for IoT Ecosystems, from the cloud. IoTs are slated to grow to 50 Billion by 2021. Acreto’s Ecosystem security protects all Clouds, users, applications, and purpose-built IoTs that are unable to defend themselves in-the-wild. The Acreto platform offers simplicity and agility, and is guaranteed to protect IoTs for their entire 8-20 year lifespan. The company is founded and led by an experienced management team, with multiple successful cloud security innovations. Learn more by visiting Acreto IoT Security on the web at acreto.io or on Twitter @acretoio.