Security providers are rapidly adapting their protections to encompass evolving Internet of Things (IoT) models, but the impending collapse of an Australian IoT startup and greater attention from hackers suggest that the battle to secure the IoT is still well and truly in its early days.
Once a darling of the venture-capital crowd, Sydney-based IoT pioneer Ninja Blocks recently slipped into wind-down mode after failing to secure additional funding for its crowdfunded home-automation devices. Just six months ago, the company was hoping to turn nearly $1m of fresh investment into a US presence that CEO Daniel Friedman hoped would make it a “household name”.
Ninja Blocks' rapid rise and fall may presage the inevitable challenges and losses in a new industry like IoT, but more established players are pushing ahead with all guns blazing. LogMeIn, for one, last month launched a new version of its Xively IoT management platform, adding a new 'blueprint' feature to manage device permissions, provisioning, and authentication.
“With the new Xively, we started by looking at a whole new way to manage not just secure connections of data, but also who, in the end, has the authorisation and permissions to see that data,” said Paddy Srinivasan, LogMeIn’s vice president of products for Xively in a statement.
“From there, we looked at how you could deliver instant connectivity that would ensure all of those things were taken into consideration every single time you connect.”
Microsoft is also talking IoT, partnering with manufacturing-technology giant Fujitsu to leverage that company's IoT/M2M platform, Microsoft Azure-based IoT services, and mobile devices that the companies believe will help streamline manufacturing and reduce costs.
Enterprise-software behemoth SAP, for its part, jumped into the IoT fray with the recent release of the SAP HANA Cloud Platform for IoT, a cloud-hosted IoT offering designed to extend SAP environments with a raft of IoT enablement tools. Its launch included a partnership with Siemens to facilitate large-scale industrial IoT deployments, while SAP also signed on with Intel to improve IoT's integration with enterprise environments.
Despite the enthusiasm over IoT, however, security concerns remain a significant issue for the consumers the technology is likely to benefit: recent privacy research from Intel Security into Australian attitudes to IoT security, for example, found that just 10 percent of Australians trusted public transport smartcards to manage personal information. Some 10 percent trusted location services, 9 percent trusted TV subscription services, and 9 percent trusted personal health and fitness devices.
By contrast, fully a third of respondents said social-media applications were untrustworthy, 30 percent didn't trust public WiFi, and 28 percent didn't trust mobile applications.
These findings reflect the security concerns raised in a January US Federal Trade Commission (FTC) assessment of IoT security, which outlined best practices to help businesses build consumer trust in the model as it evolves.
That trust is unlikely to be bolstered much when hackers turn their concentrated attention to IoT device at the DefCon 23 security conference in August. Organisers will host a dedicated IoT Village dedicated to the breaking of IoT device security.
This article is brought to you by Enex TestLab, content directors for CSO Australia.