Internet of Things Security Is Maturing, But Hurdles Remain

Thanks to a plethora of attention-grabbing headlines, most industry and enterprise professionals are aware of the need for solid Internet of Things security, but there is no one-size-fits-all solution.

Brian Buntz

April 22, 2018

3 Min Read
Image of closeup green eye

We can all agree Internet of Things security is a problem, but how big of a problem is it?

A recent Deloitte survey stated that, for 40 percent of security professionals, IoT security was the single most significant threat to their organizations in the next year.

But we have reached a point with Internet of Things security where it is more productive to understand the ecosystem of security technologies and how they can work together for a given application said Aaron Allsbrook, chief technology officer of ClearBlade at a recent panel discussion at Channel Partners in Las Vegas. “I think people are appropriately scared at this point,” he explained. “I am optimistic around it. The bar has now been raised.”

A recent survey of executives with active IoT deployments from IoT World shows 61 percent of them are either creating an IoT security policy or currently enforcing one. “The biggest thing that I have seen evolve over the past few years [with respect to IoT security] is the recognition that the problem exists,” said Syed Zaeem Hosain, chief technology officer of Aeris in the panel. “It is something that 10 years ago, many people ignored. But now, the concept of ‘security by design,’ which I’ve been talking about for the past 10 years, is finally sinking in.”

A related trend is that a greater number of IoT vendors and security companies are beginning to partner to address specific threat models for given IoT deployments. Vendors are also partnering to determine how, for instance, cloud companies, silicon manufacturers and so forth can address IoT security jointly and how they can stay ahead of evolving threats. “In general, I find that people are afraid, but I think we can connect the dots,” Allsbrook said. “We are not naive enough to think that what we are doing today is going to be good forever.”

[Internet of Things World addresses the security concerns for IoT implementation in every vertical, attracting senior security professionals from the world’s biggest organizations. Get your tickets and free expo passes now.]

Connecting the IoT security dots can still be challenging in many cases, said Steve Brumer, partner at 151 Advisors in the panel. No single security technology can thwart all attacks, so most organizations deploy multiple technologies. But deciding which to choose and how to integrate them can be daunting. “Whose products do I install? Do I look at [embedded] SIM scenarios? If I am deploying [several] security products, what dashboard is it showing up on?” Brumer asked.

There is still a need for considerable education — for all players — involved in the IoT security landscape, Brumer stressed. “We also need to educate vendors. Vendors need to educate us on what IoT security is, and customers need to be educated by all of us,” he explained.  

That education will help organizations identify what their risks are and what options are available to address them.

“You have to understand the consequences of a breach,” Hosain said. It is one thing to have a hacker gain access to a single temperature sensor. It’s another if they can control a car traveling down the road at a high speed. “You could have a violation of an oil and gas facility or water treatment infrastructure where you are affecting tens of thousands of people,” he added. “You have to understand what the breach is and then you can figure out how much money it takes to try to prevent that kind of a problem.”

It is vital to also develop an IoT security strategy that scales. “Any device you have today, you have to be able to update it in some way, shape or form,” Hosain said. “Once you deploy millions of devices, you are not going to be able to touch them. You don’t want to have a security approach that requires a human touch. You want to design it up front to be able to fix it. If you do that, you’ll survive the repercussions of a breach much better.”


About the Author(s)

Brian Buntz

Brian is a veteran journalist with more than ten years’ experience covering an array of technologies including the Internet of Things, 3-D printing, and cybersecurity. Before coming to Penton and later Informa, he served as the editor-in-chief of UBM’s Qmed where he overhauled the brand’s news coverage and helped to grow the site’s traffic volume dramatically. He had previously held managing editor roles on the company’s medical device technology publications including European Medical Device Technology (EMDT) and Medical Device & Diagnostics Industry (MD+DI), and had served as editor-in-chief of Medical Product Manufacturing News (MPMN).

At UBM, Brian also worked closely with the company’s events group on speaker selection and direction and played an important role in cementing famed futurist Ray Kurzweil as a keynote speaker at the 2016 Medical Design & Manufacturing West event in Anaheim. An article of his was also prominently on, a website dedicated to Kurzweil’s ideas.

Multilingual, Brian has an M.A. degree in German from the University of Oklahoma.

Sign Up for the Newsletter
The most up-to-date news and insights into the latest emerging technologies ... delivered right to your inbox!

You May Also Like