Why We Need to Talk IoT Security Right Now

July 22, 2021

We speak with Ian Drew, Chairman at Foundries.io, on the importance of IoT security and what it means for the future of the connected world.

David Maliniak

Related To: Microwaves & RF

What you’ll learn:

Why IoT security is critical across consumer and enterprise markets.
How to ensure security within your fleet of devices.

MWRF: So, why do we need to be having the conversation about IoT security right now?

Drew: The Internet of Things is reaching human life at so many different touch points, from smartphones, to appliances, even to healthcare tools such as pacemakers. I suspect that the prevalence of recent hacking will only continue. IoT security will become more than a technology problem, and become a cultural one.

Many people would not know unless they sat back and really thought about it, but they likely have somewhere in the vicinity of 10 to 20 connected devices with IP addresses in their homes alone. The same extends to the enterprise, except we are talking in the thousands.

According to Gartner, over 20 billion IoT devices were in use in 2020 alone, and a lack of security means there are far too many vulnerabilities for cybercriminals to pinpoint and exploit our data. Not to mention the recent movement from a legislative level in both the U.K. and U.S. All to say, I think the conversation is validated.

Who is securing these devices?

That is a problem in and of itself. Top line—security is hard. This is an incredibly challenging problem to solve, and right now, we are finding that not enough people are available to do the job or to understand the job from the ground up. There is a growing movement to secure platforms that help with the development, deployment, and maintenance of connected devices in a way that is more standardized—and promotes learning from shared experiences.

New proposed laws have also identified gaps in transparency and frequency when it comes to OTA [over the air] and software support for the lifecycle of connected devices, so this is an area I expect that we’ll see a lot of movement in from an ownership and accountability perspective. OEMs and brands will soon need to be at the forefront of these conversations

What are some tips to ensuring a secure IoT device deployment?

At the very minimum, you need a plan in place when a security breach or hacking does happen. Make a plan, pinpoint the people who know how to address the breach, and fix it.

However, we are learning more and more how crucial it is to adapt from reactive models to more preventative models. Organizations need platforms that encourage and facilitate continuous testing so that its fleet of devices is always up-to-date with the latest bug fixes and security measures. When you do take this preventative method, it is a technology equivalent to setting up another insurance policy for your business.

Often, organizations don’t have this capability in place, having neither the IT bandwidth nor the experts to handle this complex problem. So, I expect we’ll see an increase in partnerships with third-party vendors to support this more preventive, protective model and begin to identify vulnerabilities before they even appear.

How do you work with customers to get them on board with this preventative method?

Well, once we can identify potential issues or concerns that are hiding around corners, that sets everyone up to mitigate issues before they arise. In the end, identifying security risks before they happen delivers a host of benefits for a business and its users—from saving money, to eliminating downtime, to getting to market quicker, to even finding ways to add value on top of already existing products and solutions.

One of the other unsung benefits of this preventative approach (made possible by a more standardized platform approach) is the ability to learn from the sharing of experiences. Similar to approaches that we use for product innovations or application development, this can be brought to security.

Other than person-to-person conversations, what else in the world is bringing security to the forefront of conversations now?

New legislation and laws proposed by both the U.S. and U.K. governments are all the validation this conversation needs. Specifically, the U.K. government recently announced new security laws to protect IoT devices, which was largely a reaction to surges in smart device sales during the pandemic. You do not often think about the security of a device when making these purchases, or for how long the device will be protected and updated to remain secure. This is a huge step in changing this narrative and a positive step forward for our safety and security.

Is there anything else you would like to share on the topic?

Well, I could go on for days, but I think I would really like to hammer home the following: Security is hard. Better systems and platforms need to be in place so that devices are “built secure” before they are a part of our connected lexicon, and this is as much of a cultural shift as a technological one. It will be a challenge, but we must continue to talk about security and bring it to the forefront of business discussions.

If you look how dependent companies and consumers are on IoT and edge technologies—and the tremendous value they deliver—it’s a no-brainer. As this movement continues, security will become a chief element of a brand’s reputation, which will elevate the conversation to where it must reside.

Ian Drew, Chairman at Foundries.io, is a FTSE 50 senior executive and serial entrepreneur within the global technology industry. With a track record of founding and leading successful companies, he specializes in growth and strategy, ecosystem development, international expansion, and M&As. He delivers industry-changing initiatives in areas such as IoT, security, trust, automotive, telecoms, smartphones, and software (both client and server/enterprise).

About the Author

David Maliniak | Executive Editor, Microwaves & RF

I am Executive Editor of Microwaves & RF, an all-digital publication that broadly covers all aspects of wireless communications. More particularly, we're keeping a close eye on technologies in the consumer-oriented 5G, 6G, IoT, M2M, and V2X markets, in which much of the wireless market's growth will occur in this decade and beyond. I work with a great team of editors to provide engineers, developers, and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our contributor's packet, in which you'll find an article template and lots more useful information on how to properly prepare content for us, and send to me along with a signed release form.

About me:

In his long career in the B2B electronics-industry media, David Maliniak has held editorial roles as both generalist and specialist. As Components Editor and, later, as Editor in Chief of EE Product News, David gained breadth of experience in covering the industry at large. In serving as EDA/Test and Measurement Technology Editor at Electronic Design, he developed deep insight into those complex areas of technology. Most recently, David worked in technical marketing communications at Teledyne LeCroy, leaving to rejoin the EOEM B2B publishing world in January 2020. David earned a B.A. in journalism at New York University.