IoT security threat a rising tide, not a tidal wave: LogMeIn CEO

Security and device management vendors are expanding the scale and function of Internet of Things (IoT) related management platforms quickly enough to help compensate for IoT makers' general lack of security expertise, according to the CEO of a growth-minded IoT vendor.

Despite ongoing concerns about the coming tidal wave of IoT security flaws, newly appointed LogMeIn CEO Bill Wagner told CSO Australia, “I don't think it's going to be a wave. We live in a world that is utterly unconnected right now, and I think the tide is going to rise as connected products become integrated with standards.”

Those standards – for example, OASIS' MQ Telemetry Transport (MQTT) standard for lightweight messaging between IoT devices – are steadily being baked into evolving IoT-management frameworks such as LogMeIn's Xively, which is being positioned by the company as what Wagner called a “massively scalable, very low latency” platform with which IoT devices and vendors can interact to gain security and management that they don't want to have to build themselves.

“The majority of companies building connected products really have no interest in knowing how to build their own IoT management platform and management capabilities,” he said.

“They are not software companies; they have no interest in building their own IoT platform and management capabilities; they may never have had a help desk because they've never had to deal with consumers; and they don't know how to deal with security issues. Those are the companies we think we can really help.”

Wagner expects that getting IoT vendors to play ball will become progressively easier as vendors fill out their hosted IoT-management offerings with new capabilities that further strengthen their value proposition.

LogMeIn, for one, has been not only building out its Xively platform but last December acquired LastPass, a successful password manager whose underlying 'zero-knowledge' technology, Wagner said, reflects the kind of tight security model the company wants to bring to the IoT space.

“When we were founded,” he said in explaining the market realignment by a company that built its business on remote-access solutions, “all applciations lived on a computer and remote access was really important.

But in the new world of remote access, the question is how do you simplify and secure access to cloud apps now that they're no longer on the machine? That was what led us into the identity management space.”

Read more: Ping Identity's new Australian data centre anchors user, IoT identity overhaul

In March, LogMeIn edged LastPass closer to the IoT world with the release of LastPass Authenticator, a mobile app designed to deliver 2-factor authentication by extending LastPass security to iOS and Android devices as well as the Apple Watch.

“Identity for us manifests itself across the product portfolio,” Wagner said, noting that Xively's Blueprint feature allows IoT companies to map their connected products to related services in the API-driven Xively ecosystem.

This lets IoT devices leverage back-end integration and offloads authentication tasks to Xively's centralised object database. IoT security vendors have been rushing to plug gaps in everyday equipment that has been designed for functionality rather than speed.

US-based Karamba Security, for one, this week debuted anti-malware technology designed to protect normally-unsecured electronic control units (ECUs) that exchange information between components of modern cars. Ping Identity this week launched an Australian data centre to boost performance for an identity-management framework designed to address IoT requirements as well as corporate user authentication.

And Verizon recently issued its own projections around IoT's faster-than-expected growth and has been working to bolster its ThingSpace as a centre of gravity for efforts to bring order to the evolving market space.

“The positive side of all this news and the high-profile hacks is that everyone now acknowledges that everyone is going to be hacked or attacked,” Wagner said, “and that there is no endpoint. You are always on a journey to improve your security profile, and this is going to be a big issue as IoT continues to blossom.”

Participate in this short survey on IT security strategies across the Australian market and go in the draw to WIN a 360Fly camera vailued at $689.

Start survey NOW

Read more: Siemens industrial switches vulnerable to DROWN decryption bug


Join the CSO newsletter!

Error: Please check your email address.

Tags IoT vendorsiosIoT threats loomlogmeinMQTTIoTXivelyCSO Australiacyber securityAppleLastPass

More about AppleBillCSOLogMeInPing IdentityTransportVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

More videos

Blog Posts