Much is being made about the security of the Internet of Things and it’s a topic close to Fujitsu’s IoT vice president Alex Bazin’s heart.
Before leading Fujitsu’s global IoT practice, Bazin cut his teeth on biometric systems – and he sees some of the same issues that used to be raised around biometrics being similarly raised in an IoT context.
“It’s funny ten years later how some of those arguments have moved on for biometrics,” he said. “I think we’ll see the same in IoT.”
In the interim, however, there is a global push of sorts to raise the bar of security in IoT conversations, particularly those relating to connected consumer products.
“Security is interesting because in my mind there’s almost two IoTs – consumer and enterprise,” Bazin said.
“A lot of the press has been around consumer IoT and I think the criticism around security is absolutely valid there.
“The consumer space isn’t something Fujitsu’s really a major player in – it’s not our focus – but I think that criticism of security does read across into the enterprise side.”
In that way, Bazin believes that some of the answers to security being asked on the consumer side of IoT might be addressed when the enterprise side of IoT takes off.
“I think as the IoT industry matures and it becomes more enterprise and less consumer focused I think we’ll start to see a move in the right direction,” he said.
“Until then we just need to keep the focus on improving security.”
Bazin believed some progress was already being made in the way code is deployed and managed in the IoT world.
“Being able to securely deploy and manage code updates is a good step forward, and it’s nice that companies are staring to take that more seriously,” he said.
“For example, we’re doing a lot of work with some of our automotive partners around how they provide trusted updates to engine control units (ECUs) and other parts of a vehicle, but there is still a long way to go.
“When you’ve got very low powered devices with constrained bandwidth, managing firmware updates can be difficult.
“It’s getting to a point where it’s solvable, but I think the bigger challenge is you maintain sufficient bandwidth connectivity to be able to provide those updates.”
Bazin believed that as the number of IoT devices proliferates – billions are expected by 2020 – customers may have to revise how they think about endpoint protection.
“I think we’ll have to be moving much more to a defence in-depth strategy,” he said, referring to an architectural model of layered security controls.
“We’ll also need to be thinking a lot more about how we ensure data integrity.
“In the standard IT world the thing we worry about is the compromise of data and systems. We don’t see this so much in IoT in terms of the fear of data being deliberately poisoned or distorted.
“But I think you’re going to start seeing dangers of that in the IoT space where the data causes a real physical world action to occur. It’s another threat vector we need to start thinking about.”
However, he also believed that in some ways IoT did not need its own security strategy, and that – at least at a base level – it shouldn’t be treated differently to existing IT systems.
“A lot of this boils down to good security principles,” Bazin said.
“Just because you might be sending low-powered devices out in their 10s of 1000s doesn’t mean that you can get away with not providing the same security thinking that you’d be doing for a standard desktop deployment.
“Some of the technologies are different and the network constraints are very different but we just need to keep the focus on addressing these.”