IoT security threat a rising tide, not a tidal wave: LogMeIn CEO

Security and device management vendors are expanding the scale and function of Internet of Things (IoT) related management platforms quickly enough to help compensate for IoT makers' general lack of security expertise, according to the CEO of a growth-minded IoT vendor.

Despite ongoing concerns about the coming tidal wave of IoT security flaws, newly appointed LogMeIn CEO Bill Wagner told CSO Australia, “I don't think it's going to be a wave. We live in a world that is utterly unconnected right now, and I think the tide is going to rise as connected products become integrated with standards.”

Those standards – for example, OASIS' MQ Telemetry Transport (MQTT) standard for lightweight messaging between IoT devices – are steadily being baked into evolving IoT-management frameworks such as LogMeIn's Xively, which is being positioned by the company as what Wagner called a “massively scalable, very low latency” platform with which IoT devices and vendors can interact to gain security and management that they don't want to have to build themselves.

“The majority of companies building connected products really have no interest in knowing how to build their own IoT management platform and management capabilities,” he said.

“They are not software companies; they have no interest in building their own IoT platform and management capabilities; they may never have had a help desk because they've never had to deal with consumers; and they don't know how to deal with security issues. Those are the companies we think we can really help.”

Wagner expects that getting IoT vendors to play ball will become progressively easier as vendors fill out their hosted IoT-management offerings with new capabilities that further strengthen their value proposition.

LogMeIn, for one, has been not only building out its Xively platform but last December acquired LastPass, a successful password manager whose underlying 'zero-knowledge' technology, Wagner said, reflects the kind of tight security model the company wants to bring to the IoT space.

“When we were founded,” he said in explaining the market realignment by a company that built its business on remote-access solutions, “all applications lived on a computer and remote access was really important.

“But in the new world of remote access, the question is how do you simplify and secure access to cloud apps now that they're no longer on the machine? That was what led us into the identity management space.”

In March, LogMeIn edged LastPass closer to the IoT world with the release of LastPass Authenticator, a mobile app designed to deliver 2-factor authentication by extending LastPass security to iOS and Android devices as well as the Apple Watch.

“Identity for us manifests itself across the product portfolio,” Wagner said, noting that Xively's Blueprint feature allows IoT companies to map their connected products to related services in the API-driven Xively ecosystem.

This lets IoT devices leverage back-end integration and offloads authentication tasks to Xively's centralised object database. IoT security vendors have been rushing to plug gaps in everyday equipment that has been designed for functionality rather than speed.

US-based Karamba Security, for one, this week debuted anti-malware technology designed to protect normally-unsecured electronic control units (ECUs) that exchange information between components of modern cars. Ping Identity this week launched an Australian data centre to boost performance for an identity-management framework designed to address IoT requirements as well as corporate user authentication.

And Verizon recently issued its own projections around IoT's faster-than-expected growth and has been working to bolster its ThingSpace as a centre of gravity for efforts to bring order to the evolving market space.

“The positive side of all this news and the high-profile hacks is that everyone now acknowledges that everyone is going to be hacked or attacked,” Wagner said, “and that there is no endpoint. You are always on a journey to improve your security profile, and this is going to be a big issue as IoT continues to blossom.”


Stories by David Braue
