IOT Security – is about ‘Data Handling’ and ‘Physical Security’
In the last blog we saw that convergence of Operational Technology ( OT) and Information Technology (IT) is the obvious evolution of ‘Internet of Things’, and the security consideration being different between each case. It is clear that this is a combination of ‘Physical Security’ and ‘Cyber Security’ that combine to protect the IOT network. So we are talking about ‘data confidentiality’ and ‘access protection’ at the same time. Gartner predicts that by 2020, IT security will be forced to be more planned, as the tsunami of a huge number of devices entering the ‘Security premises’ will be very
With billions of devices getting on board to track and interact, the sheer amount of data generated will be so huge that there will be a clear need to rationalize and prioritize what data is needed for ‘action’ and what is needed for ‘analysis’. That intelligence will depend on data crunching systems – and that affect data security directly. There are two aspects of security here – how to secure ‘prioritized data’ and another ‘secure devices’ in the ‘event of results’ of the action. This will have to be done through a data life cycle model that would start uniquely with each deployment, and over a period will create more ‘predictive models’ of data handling and security.
Physical security – here the new word that is getting added the ‘Data confidentiality, Integrity and Availability’ is the physical securing of data – the big question is how safe is the data generated from the IOT device. This model, mentioned as CIAS, is needed because of the sheer numbers, variety and complexity of IOT devices that will get added to the network. The need to automate, aggregate and analyse the device ‘data’ will be a key factor for a successful deployment of IOT security. As IOT data will affect our real lives (imagine data from a fridge or an electric oven at home, for example), this overall aspect of data safety is key.
Finally, there will be open and closed IOT systems. A gas distribution system in a city, which is ‘automated’ and is an ‘IOT system’ is different from a closed network like a factory. The overall concept could be the same, but the vulnerabilities of devices, the network, the storage and the decision making systems are quite different. We will analyse about Closed’ and ‘Open’ IOT systems and how a)Standardization of security protocols b) attention of hackers c) New vulnerabilities affect these systems in the next couple of blogs.