sommai - Fotolia

How to secure the internet of things

With the expansion of the IoT market, protecting the company's data and IP is more important than ever. Here are four ways organisations can put security at the core of the IoT value proposition

The chance to jump into the fast lane that is the internet of things (IoT) is an opportunity too good for many businesses to miss. This is particularly true in light of the UK government’s budget pledge of nearly £140m to develop applications for the IoT and smart cities.

The IoT could prove transformative, and there are huge possibilities for companies to be more efficient and bring exciting products to market.

But as the IoT market size increases – research analyst Gartner predicted there will be 26 billion units by 2020 – hackers have an expanded surface area, and protecting company intellectual property (IP), customer data and operational infrastructures is more urgent than ever before

Securing multiple points of vulnerability, whether that is a company laptop, a valve in an industrial plant or a smart TV in an individual’s home, is a major challenge for organisations and requires a wide-ranging response.

The risks are huge. With personal data and IP stored on connected devices, hackers have the very real potential to completely limit an organisation’s performance. 

History has shown existing security features are not up to scratch, with the hack of 40 million credit card numbers from US retailer Target in 2013 being a prime example. This was an extraordinary attack because the hackers gained access through internet-enabled heating, ventilation and air-conditioning systems set up in the stores. 

Management consultant Capgemini’s research found only 33% of organisations believe their IoT products are “highly resilient” against future cyber security threats, and 48% of companies focus on securing their IoT products from the beginning of the product development phase.

Cyber security is a fundamental enabler of the IoT, and if it is not prioritised the business opportunity will be undermined. If Target had understood the reputational damage of a security breach, they might have taken a different view on how they prioritised it. 

So how can organisations put security at the core of the IoT value proposition?

Set up an integrated team of business executives and security specialists

Product managers working alongside security specialists to plan the product roadmap will ensure security is a key consideration when designing core features and functionality. An integrated team will allow for greater collaboration, ensure the business and security concerns are well balanced and any vulnerabilities can be identified early in the product lifecycle.

Integrate security best practice with the IoT product development process

An effective risk management mechanism is nothing new, but it is an important part of this process. 

Business leaders need to identify where their organisation might be vulnerable through an analysis of disruptive attack scenarios, and the financial and non-financial impact of an attack on the organisation as well as the users. 

Once this is understood, leaders will have a clearer view of the cyber threat landscape and how security should be embedded throughout the product design process of design, coding, testing and evaluation.

Educate consumers as well as front-line staff in security best practice

Planning and integrating strong security features will only take you so far before it comes back to how the IoT product is being used. 

Organisations must inform and educate consumers on best practice including regularly changing passwords, which is still one of the most common causes of a security breach, and offering advice on security patches. 

Front-line staff must be well-trained on how to help customers manage these issues. Being able to provide this support will enhance the reputation of the company and minimise the risk of a security breach.

Address privacy concerns with transparent privacy policies

To protect consumers from potential data privacy breaches, businesses need to develop privacy policies that clearly detail how the data collected from IoT products will be used, and these policies should be easily accessible to consumers. 

Everybody is becoming more conscious about where their data is being held, and an organisation making a clear effort to show consumers what their data is being used for will differentiate itself from the competition.

The internet of things has the potential to be enormous for both consumers and businesses, but security has to be at the heart of every stage of the process. We would not buy a house that had no front door on it, so why would a consumer buy a connected product with no security features in place? 

To inspire confidence in the IoT as it gathers pace, businesses need to ensure they are supplying the lock as well as handing over the keys.

Mike Turner is vice-president and chief security officer at Capgemini UK.

Read more about security and the IoT

Read more on Privacy and data protection