There’s no arguing that a vast array opportunities exist in the burgeoning IoT space, with connected homes and light bulbs being just the tip of the iceberg. But with IoT shifting more control of everyday life to machines, maintaining a strong security posture in the IoT ecosystem has never been more critical.
Whether you’re a consumer evaluating an IoT product or a business evaluating a potential partner’s IoT technology, the following are 5 security questions you should be asking about IoT devices.
1. How are firmware/software updates performed?
An IoT solution’s hardware and software components are in a constant state of patching and remediation, due in part to threat vectors introduced via wireless technologies central to the functionality of IoT devices. Partners should be aware of an IoT product’s firmware/software update mechanisms and procedures in order to quickly address any new vulnerabilities or security flaws. Consumers should take into consideration a vendor’s track record of disclosing vulnerabilities as well as frequency of updates.
2. What integrations are available for the IoT device?
Devices more often form part of an ecosystem of interacting technologies for automating day-to-day tasks. For example, Nest thermostats integrate with Whirlpool appliances and Mercedes-Benz vehicles to allow for a broader range of capabilities. Open connectivity can create security gaps and partners should consider an IoT product’s integrations and what security implications they could have on users. Similarly, those in the market for a particular IoT device should be aware of how complementary products may impact its security posture.
3. What redundancy mechanisms are in place for the IoT solution?
In many cases IoT devices provide some form of physical security; what happens in the event of a power interruption? Battery-powered smart locks should have auxiliary power available in the event that direct power to the device is lost. IoT devices responsible for managing environments like server rooms and power stations should also have redundancy in place to ensure normal operations in the event of a power failure.
4. How many endpoints are required to operate the IoT solution?
Imagine a scenario in which hundreds or thousands of IoT devices attempt to access a non-existent resource (e.g., a data feed, RDBMS, or website). This could easily compromise quality of service or devolve into a denial-of-service situation, with each IoT component or device requiring network access another entry point for cyber attacks.
5. How much bandwidth is required for the IoT device/ecosystem to operate optimally?
IoT proliferation is a major driving force behind the big data revolution—such devices must often generate and consume unprecedented amounts of data to operate effectively. For managing IoT in the cloud, proper bandwidth must be allocated to support the constant influx of data from devices and endpoints. If IoT devices cannot be managed quickly and reliably in the field due to bad or limited connectivity, security issues may ensue.