A lot has been said about the Internet of Things and how, when it is secured, we will all make massive business gains. In my role as an IoT strategist, I spend most of my waking hours caring about what the IoT can enable but also caring about how this delivery of benefits can be secured. But why do I care? Not just out of interest in the technology but simply because we should be able to deliver better “IoT products” and better profitability. Note, however, that I believe there will be very few of us producing things that should be labelled as “IoT products.”
Enhancing capabilities. In our world of electrical and electronic design of products, so different from a lot of press coverage of IoT worlds, why should security surrounding the IoT concern *you* as an engineer or as a business leader? It is all about enhancing your current business capabilities and performance – and not about becoming an “IoT company”. The temptation to follow the stampede towards being labelled as an IoT company seems far too much like the turn of the century when being labelled as a DotCom venture looked like a passport to $billions.
When we consider new approaches like IoT innovations for building our products there are a lot of factors to consider, such as:
- Potential for increasing profitability
- Potential for defending business value
- Impact upon the design process
- Engineering issues.
All important factors need considering for both their positive and their negative impacts – but the key to deciding how and whether to adopt the new approach is to consider all of the factors on balance. We have to ask ourselves what is the overall effect going to be? This process is a strategic priority for any organisation that can benefit from the IoT approach by, for example, changing their product sales and maintenance futures into an “As A Service” proposition. Those moves to an IoT style future are echoed in the work of JCB in LiveLink, and in initiatives within GE, Rolls Royce and John Deere.
Balancing the influential factors around adoption of IoT approaches is a fascinating and rewarding process and something to consider seriously and deeply. But that is a different subject, for another day.
Security. The simpler and major issue surrounding all influential factors when an IoT approach is to be adopted is that every factor will be negatively affected if the IoT technologies are not sufficiently secured. This relates to many features of IoT based systems but is predominantly the result of massively interconnecting products ensuring that attackers can get remote access.
Mentioning interconnections as the key Achilles’ heel of the IoT leads some to assume everything will be OK if we just encrypt the communications. This really is just a small part of the picture. Security for the IoT has to be fully end-to-end across complex systems from edge devices to servers, and especially from installation through operation to maintenance in the field. To add to the interest, and more seriously to add to the difficulty, the systems that can be built with an IoT approach vary so widely that there is nothing close to a single way to ensure IoT security.
For just over a year now the IoT Security Foundation has been working to establish some initial best practices, and significant industry collaborations, aimed at effective IoT security. I operate as an advisor to the board at the IoTSF and I’ll be discussing more about their work in my keynote presentation at Zuken Innovation World. IoT considerations for electrical and electronics design
When you look at all the elements of any IoT-based system, at the base you will see the need for products that are designed, built and linked into the rest of the interconnected solution. These products are built from and with:
- Embedded electronics
- Embedded software.
Although this is fairly obvious to any product designer, it is of interest just now for two main reasons:
1. In the near future new best practices for IoT security will ensure that those products and their component technologies can be secured. That will help make the IoT into the desired solid rock for building a base for business solutions.
2. The use of best practice for IoT security can have major spinoffs for all products, whether they are related to the IoT or not. Those latter spinoff business benefits relate to:
- Protecting against cloning of your products
- Protecting against hijacking of product firmware
- Protecting against overproduction for gray markets.
I am getting ready for Zuken Innovation World in the UK on Oct. 5 and my presentation on “IoT Security and Engineering Realities” is focused on that issue of finding the IoT solid rock but also on the surprising business realities and opportunities that are consequently emerging for all of us involved in delivering products whether they have anything to do with the IoT or not. I will focus on why we as product developers should care about this strong base for the IoT.
is the guest author of this blog post. He is an independent IoT and security strategist at NEuW and is an Advisor to the Board at the IoT Security Foundation. The post How can the IoT be a solid rock to build Products and Profits on? appeared first on Zuken Blog.