https://www.iotworldtoday.com/wp-content/themes/ioti_child/assets/images/logo/IoTWorldToday-mobile-logo.png
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • IoT World Expo Austin
Iot World Today
  • NEWSLETTER
  • Home
  • News
    • Back
    • Roundups
  • Strategy
  • Special Reports
  • Business Resources
    • Back
    • Webinars
    • White Papers
    • Industry Perspectives
    • Featured Vendors
  • Other Content
    • Back
    • Q&As
    • Case Studies
    • Features
    • How-to
    • Opinion
    • Podcasts
    • Strategic Partners
    • Latest videos
  • More
    • Back
    • About Us
    • Contact
    • Advertise
    • Editorial Submissions
  • Events
    • Back
    • IoT World Expo Austin
  • newsletter
  • IIoT
  • Cities
  • Energy
  • Homes/Buildings
  • Transportation/Logistics
  • Connected Health Care
  • Retail
  • AI
  • Metaverse
  • Development
  • Security
ioti.com

Security


Image of fingerprint on keyboard

Valuing Data Protection Over Device Security Can Be A ‘Life-Threatening’ Mistake

OIES Consulting's Francisco Maroto interviews Subex’s Kiran Zachariah on the state of affairs in IoT security.
  • Written by Jeremy Coward
  • 7th June 2017

OIES Consulting’s Francisco Maroto interviews Subex’s Kiran Zachariah on the state of affairs in IoT security. Francisco will moderate a panel at IoT World, showcasing how manufacturers increase productivity and output through IoT applications.

Actively and passively, I never tire of repeating the importance of one of the greatest concerns in Internet of Things (IoT): security.

There have already been many data breaches where smart devices have been the target. But unfortunately, in the IoT ecosystem, first-to-market is a huge competitive driver, so this mean that security is many times sacrificed for speed-to-release. Businesses and consumers need to make claims for security to IoT vendors and regulators.

I spoke to Kiran Zachariah, director projects – CEO’s office, Subex Ltd, about the past, present and future of IoT in security.

Francisco: As you know, the meaning IoT security is not well defined. What is IoT security for Subex and why did your company develop an IoT security solution?

Kiran: “An IoT deployment involves multiple systems that include devices, the connectivity, IoT platforms, gateways, field gateways, load balancers, web services, certificate servers, databases, etcetera.

“A true IoT security solution should be able to secure all of this infrastructure seamlessly and should be in a position to correlate events from all of these sources to detect and mitigate threats. The IoT security system should be capable of identifying specific IoT protocols such as MQTT, AMQP, CoAP, STOMP, Zigbee, Zwave and any other custom protocols, and understand the nature of the topology and communication patterns used in the specific deployment.”

“The attack surface that IoT presents is multiple times larger than the traditional IT scale that incumbent security providers aren’t capable of securing. Subex’s ability to process big data to secure a large number of devices and our pedigree in providing telco scale and telco grade solutions makes IoT a natural vertical that we can cater to.”

“An IoT breach is not just a data breach, but also a control breach… Such hacks are potentially life threatening” – Kiran Zachariah, Subex

Francisco: In the latest Vodafone Barometer Report 2016, we read that “Enterprises are more concerned about data protection than about device or network security”. Are you surprised about this conclusion? Do you believe the results will be different if the information of all IoT breaches and attacks were available?

Kiran: “This is surprising and not so surprising at the same time. It is not surprising because this result is an indicator of what most enterprises perceive as the threat of an IoT – they tend to equate IoT breaches with IT breaches because that’s the traditional view towards security. Unlike traditional breaches, an IoT breach is not just a data breach, but also a control breach.

“The spate of high-profile IoT breaches such as the Jeep Hack, Lizard Stresser, medical pumps etcetera, were less about data and more about taking control of the device. Such hacks are potentially life threatening. Devices inherently contain very little data and there could be some PI information that should be protected, but the larger threat from IoT breach is the loss of control of the device and the havoc such a breach could have on the device’s environment and the people using the device.”

Francisco: IoT industry solutions, by default, are complex. They are made up of many parts, from the devices installed in connected assets, through network connections to back-end systems that are hosted in data centers. What assets is Subex’s IoT security solution protecting? And what are the benefits to the customers that deploy Subex’s IoT security solution?

Kiran: “Subex focuses on securing the three areas of any organization: the customer, brand and device.

“We have seen numerous instances where there has been loss of personal data which is sensitive in nature, loss of control over a connected device and loss of privacy, which are some of the major concerns that a customer is often worried about.

“When a device is compromised (often these are rendered inoperable) there is loss of intellectual property, and also when a device is compromised, it needs to be patched. OTA may not be possible and fixing costs may run very high.

“Every time a security threat occurs in any organization, it makes it to the media, thus causing reputation damage and loss of business. Companies like Target and Asus are classic examples of such an event. The compliance costs associated with such events are very high as well.

“Since the inception of Subex Secure, securing these three areas have been the foundation of our product.

“IoT ecosystems tend to be extremely complex. A typical deployment includes multiple systems such as platforms, databases, mobile apps, load balancers, web interfaces, certificate servers, etc. All of these systems expose interfaces that can present vulnerabilities to the IoT deployment. A true IoT security solution should be able to secure all these components and should be able to understand traffic from ‘OSI layer 3’ to ‘OSI layer 7’.

“A possible solution is to incorporate multiple systems that detects vulnerabilities across OSI layers 3-7 such as intrusion detection system (IDS), a web application firewall (WAF) and a security incident and event management system (SIEM) with a built in log analyser. However, interfacing these systems and correlating events between them could be extremely challenging. Subex Secure monitors threats from layer 3 of the OSI stack, all the way up to the application layer (layer 7).”

Francisco: In the absence of standards in IoT, there are many battles, with protocols, platforms, networks, and so on. Do you see a potential winner in the IoT networks battle?

Kiran: “Our opinion is that the IoT market is big with enough variations and use cases for every one of the providers to survive and thrive. The market is also relatively new, and it is too early to pick a winner among all the providers. Considering the nascent nature of the technology – the best providers will move forward through partnerships and affiliations.”

Francisco: What do you think is the biggest threat to IoT around the world?

Kiran: “Over the last couple of years, the media crescendo around hacking and privacy has reached a very high pitch. Starting from the Target Hack to the 60-minute documentary featuring the hacking of a congressman’s cellphone. Hacking has entered mainstream media with the Mr Robot TV series.

“The backlash to the NSA decryption program Bullrun is well documented. The average customer is becoming aware and concerned about diluted nature of security being implemented in everyday products. The media focus on IoT security is increasing, and coupled with growing consumer concerns could potentially curtail IoT adoption.

“Surveys have shown that security remains the biggest barrier to IoT adoption. Unless the industry takes appropriate steps to counter these fears, there is a likelihood that the promise that IoT provides will not find takers simply because security is not addressed and consumers do not feel comfortable enough.”

Francisco: What trends do you predict for the future of IoT security?

Kiran: “The IoT security market size is estimated to be worth around $37bn dollars by 2021 growing at a CAGR of 36%.

“Security is a ground-up problem and we expect device manufacturers to factor security in from the device design stage of the product lifecycle. As standards get defined around IoT, security will become ubiquitous with features such as remote attestation being built into the device and their solutions. The next couple of years are going to be truly exciting and we look forward to the innovation that we, our partners and customers will jointly bring to the market.”

Francisco: What are the challengers in gaining customer trust in IoT?

Kiran: “Gaining a customer’s trust starts with a compelling use case that the IoT solution provides, which should provide greater benefits to the customer than the value of information that he/she provides. The customer should be assured that the information collected is stored securely and all possible mechanisms are in place to prevent malicious misuse of their information.

“Adherence to strict compliance standards and publishing of those adherences help. Also making user agreements less complex and clear about what information is collected, how is it transported and stored, what is done to protect this information and what is done with the information – basically a lot more transparency is needed.

“It is also important to have clear incident response plans when an event occurs, how a company responds to an incident and the extent they go to safeguard the customer, the service and brand could also be a testament to their intentions.”

Francisco: Do you have any additional comments or recommendations you’d like to make concerning IoT security?

Kiran: “IoT security is a very important piece in IoT ecosystem and any organization that is looking at investing in an IoT security solution must carefully evaluate all the capabilities of the solution.

“The threats related to IoT are ever-evolving and an IoT security solution must not only be effective against existing threats, but must also be capable of identifying and mitigating future threats. Also, the IoT Security solution must be one place where all the threats related to IoT can be viewed and actioned upon.”

Tags: Article IIoT/Manufacturing Security Technologies Vertical Industries

Related Content


  • Caltech campus
    Robots Could Gain Sense of Touch, With New Artificial Skin
    New design can help businesses determine the presence of hazardous materials, offer greater safety for workers
  • Clearview AI Fined $9.4M Over Facial Data Scraping
    The company was ordered to delete any data it held on U.K. citizens.
  • Microsoft Ramping up Cybersecurity Service Offerings
    Three new managed services will boost the company’s presence in the security space
  • IoT Product Roundup
    IoT Product Roundup: PTC, Nokia, Arm and More
    All the latest Internet of Things products

Leave a comment Cancel reply

-or-

Log in with your IoT World Today account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Latest News

  • 5G connectivity
    The Future of 5G Featured at IoT World 2022
  • Bosch Pioneers Quantum Digital Twin Initiative
  • IoT Deals & Partnerships Roundup: Nokia, Accenture and More
  • Robotics Featured at IoT World Conference 2022

Roundups

View all

IoT Deals & Partnerships Roundup: Nokia, Accenture and More

29th July 2022

IoT Deals & Partnerships Roundup: Nokia, SoftBank, Microsoft and More

15th July 2022

IoT Product Roundup: Nokia, Energous, Dashbot and More

6th July 2022

White Papers

View all

The Role of Manufacturing Technology in Continuous Improvement Ebook

6th April 2022

IIoT Platform Trends for Manufacturing in 2022

6th April 2022

Events

View all

IoT World Expo Austin

2nd November 2022 - 3rd November 2022

Latest Videos

View all
Image shows a road within the Curiosity Lab at Peachtree Corners

Brandon Branham, Peachtree Corners, on Smart Cities

Peachtree Corners CTO and assistant city manager chats with IoT World Today’s Chuck Martin about what’s happening at Curiosity Labs

Image shows a Beep electric autonomous shuttle

Joe Moye, Beep, on Self-Driving Shuttles

Beep’s CEO chatted with IoT World Today’s Chuck Martin about the deployment of the company’s electric autonomous shuttles

E-books

View all

How Remote Access Helps Enterprises Improve IT Service and Employee Satisfaction

12th January 2022

An Integrated Approach to IoT Security

6th November 2020

Webinars

View all

Is MQTT becoming the de facto standard of Industry 4.0? The impact of IoT on industrial automation protocols

18th August 2022

Building trust for a connected world

25th August 2022

Is MQTT becoming the de facto standard of Industry 4.0? The impact of IoT on industrial automation protocols

18th August 2022

Special Reports

View all

Omdia’s Smart Home Market Dynamics Report

7th January 2022

Cybersecurity Protection Increasingly Depends on Machine Learning

28th October 2020

IoT Security Best Practices for Industry and Enterprise

20th October 2020

Twitter

IoTWorldToday, IoTWorldSeries

The Future of 5G Featured at IoT World 2022 dlvr.it/SW6Szm https://t.co/eXWr6mfQya

5th August 2022
IoTWorldToday, IoTWorldSeries

Mars Drones Complete Testing on Active Volcano dlvr.it/SW6M4d https://t.co/mB8Suz1hzU

5th August 2022
IoTWorldToday, IoTWorldSeries

Honeywell Partnership Provides Flying Car Control Technologies dlvr.it/SW3t5n https://t.co/iFftFZaHxD

4th August 2022
IoTWorldToday, IoTWorldSeries

Driverless Autonomous Vehicles Arrive in China dlvr.it/SW3nzN https://t.co/nAVugrMzqG

4th August 2022
IoTWorldToday, IoTWorldSeries

Hyundai Reveals Futuristic Smart City With Automated Transport dlvr.it/SW3jgr https://t.co/fPaR8B0ikN

4th August 2022
IoTWorldToday, IoTWorldSeries

More Intelligently Converting DC Voltages dlvr.it/SW2tKz https://t.co/SMFWhTPpCW

4th August 2022
IoTWorldToday, IoTWorldSeries

Illinois Researchers Use AI to Teach Robots Teamwork dlvr.it/SW1DsC https://t.co/M3wqXN9JaR

3rd August 2022
IoTWorldToday, IoTWorldSeries

BMW Reveals $308M Test Track for Autonomous Cars dlvr.it/SW0D8q https://t.co/3zXFVnl4rd

3rd August 2022

Newsletter

Sign up for IoT World Today newsletters: vertical industry coverage on Tuesdays and horizontal tech coverage on Thursdays.

Special Reports

Our Special Reports take an in-depth look at key topics within the IoT space. Download our latest reports.

Business Resources

Find the latest white papers and other resources from selected vendors.

Media Kit and Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • IoT World Series
  • Channel Futures
  • RISC-V
  • Dark Reading
  • ITPro Today
  • Web Hosting Talk

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Login/Register

FOLLOW IoT World Today ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X