Latin America. The IoT is a multi-billion dollar market, Gartner predicts that 20.8 trillion things will be connected by 2020. We are already seeing the benefits of the Internet of Things, we can find them in different devices: smart watches, in cars and even in the refrigerator of the house. We can connect to different devices from anywhere, the interconnectivity that these devices offer bring multiple benefits for our daily lives, both at work and personal level. That's why we see an increasing number of companies developing IoT-focused technologies.
Apart from the benefits that this interconnectivity presents, such as convenience and the exchange of instant information, we also see that the IoT brings with it the increase in threats in terms of digital security. This is where we must ask ourselves the following question: are we sharing this information safely? Can cybercriminals have access to this information? How is our information being stored? What kind of security do these devices bring with them? And many other questions related to information security and how it is transiting on the network. Many times we think about the benefits that new technologies bring, and we leave aside a fundamental part: security. Vulnerabilities of interconnectivity in the IoT can pose multi-billion dollar risks to information and businesses, and to users it can pose major risks including life and death cases.
We no longer only have to worry about the security of web pages, or servers, or emails; now we are talking about the security of all things. It may seem like something out of a science fiction movie but it is a reality; all things are sharing information. Without going too far, today there are even shoes that share information, so IoT devices are extending the area of attack in the ecosystem, not only corporate but also that of our personal life. Examples of how car safety has been exposed, pacemakers, or how hackers have had access to controlling things as basic as interactive toys with which our children are sharing information, make us think about how important it is to protect ourselves.
Manufacturers are rapidly producing smart devices that take into account the user experience, but, in many cases, leave aside the security of the data exchanged or the way this data is accessed. This is when the question arises: in what state of the process should security be implemented?
IoT security is critical
Within IoT there are three areas that must be taken into account by developers: Privacy, Authentication and Integrity. These three themes will allow the Internet of Things to be exchanging information securely.
Privacy: daily millions of devices around the world are exchanging information through the Internet of Things many times it is personal information, such as bank accounts, identification numbers, etc. Therefore, the privacy of information is an important factor; if this information is not being protected it can be a threat. It is critical that device manufacturers ensure that the information exchanged reaches the right person and is not seen or manipulated by the wrong people: hackers. The encryption of the information that we have already seen in emails and with digital certificates, is essential to protect the information and guarantee the privacy of it.
Authentication: authentication allows you to verify that the sender or thing that sends, receives, or accesses the information, is who it says it is. Implementing authentication in the IoT will allow all information to be exchanged between the right "things" or people, and not be exchanged with hackers, so that communications are delivered to the right recipient and that the recipient is sure where the communications come from. When we talk about Authentication in IoT we talk about devices to cloud services, from users to devices, from things to things; in short, from any entity to any other, in any possible scenario. It is as if each of these things has an identity that guarantees us that it is the right "thing" with which we can exchange information.
Authentication allows us to identify if the right "thing" is the one sending the information.
Information Integrity: Information integrity in the Internet of Things is the verification that the message or instructions sent to the recipient was not changed or altered during the exchange of the information. Some IoT ecosystems require devices to make decisions and act independently. Let's put ourselves for a moment in the hypothetical case that smart pacemakers or smart cars fall into the control of malicious sources, this is not only dangerous but could put lives at risk, integrity allows to verify that the information sent is legitimate and was not modified.
As we can see, there are multiple elements that must be taken into account for the Internet of Things; we need security, trust and privacy to be maintained within the IoT ecosystem. A method that has already been verified and that is fundamental in IoT security is PKI, which guarantees security, including authentication, privacy and information integrity, as well as being easy to adapt and deploy to meet IoT requirements, such as speed and volume.
Attributing strong identities to devices and things allows protection against cybercriminals. The IoT is in its early stages and manufacturers are worrying about creating interconnected devices, but they are putting security on the back burner. It is essential that security is taken into account from the beginning of production in order to mitigate risks and guarantee the integrity of the information and the implementation of the PKI allows this security, in an automated way and without any negative impact on operations. Considering security from the start will give them a competitive advantage, allowing users to exchange information securely and improve their experience.
In the industry there are Certifying Authorities that have been working with PKI for a long time and can help in IoT implementations. GlobalSign for example has more than 20 years of experience in the industry and is an AC expert in the implementation of PKI solutions, being able to issue up to 2000 certificates per second in an automated way.
IoT devices that do not have security open the doors for cybercriminals, so secure your devices to maintain confidentiality and authenticity, and guarantee only authorized access to your information.
By Laila Robak, GlobalSign Vice President for Latin America
