1/24/2016

The Need to Bake Security into Core #IoT Systems

The interesting thing about the creation of Hadoop, is the software application was never designed for widespread consumption.  Therefore, "Security" was not baked into the initial product.  And over the years, there's been effort to integrate security into the ecosystem.

With the Internet of Things (IoT), one of the main concerns right out of the gate is security.  To summarize IoT technology, sensors reside in a variety of products, information is passed to a gateway, through a specific protocol, to send data in the form of messages to a centralized repository, for storage, analysis and some type of action upstream.  

There is two way communication from the central location to the decentralized devices and sensors, in which data is captured regarding if the sensor is active, it's operating system, the power supply, version number, etc.  Software updates can be pushed to the device, however, with the potential huge number of devices out in the wild, constant communication could cause excessive network traffic / noise.  

Devices get registered and once the connection is established, there's a way to maintain session state and there's a way to secure the communication using SSL which can slow down the communication, however, the system is designed to have small constant packets of information sent across the wire for real time monitoring.  Usernames and Passwords can be sent as part of the message.

However, with any software, it can be hacked.  With any connected device to the internet, it can be compromised and penetrated.  These are legitimate concerns and they echo the similar security concerns from years ago, when the Cloud was beginning to be adopted.  The Cloud has since become standard business practice minus sensitive data like HIPPPA or PCI data, but many companies have chosen the Hybrid approach, by storing sensitive data locally, and pushing aggregated, non customer centric data to the Cloud.

IoT revolves around devices, sensors, communication protocols, data packets, data storage, message queues, big data, analytics, real time streaming data, alerts, web services, hardware, operating systems, etc.  And the number of decentralized sensors can be enormous, and the incoming messages can be millions per second.  So there's some inherent complexity of layers and types of technology involved.  

For IoT to get traction and become mainstream, the concept of "Security" needs to be addressed up front and definite standards put in place.  Because malicious hackers don't take vacations and are probably finding ways to infiltrate existing IoT systems as we speak.  

Imagine all the interception of data hacks that could occur, all the stolen information or electronic asses lifted from unsuspecting, un-monitored systems.  Let's not take the same path that Hadoop took and casually not include security into the core product.  Because IoT has the potential to take the world of data and applications and insights to a whole new level.

Top 22 Complaints by Number