IoT can learn from smartphone security

The massive growth of Internet of Things (IoT) devices over the next one to three years should give us pause. As companies rush to get to market first, are we seeing a “dumbing down” of basic device principles that we have been working with for years, particularly enhanced security and privacy? With so many distinct applications, device scope and diversity represent a unique security challenge that so far has not been met.

I estimate that 85 percent or more of current IoT devices deployed in the real world do not have adequate security installed, and it’s likely that the vast majority of those will never be upgraded (or are not even capable of being upgraded). That means not only do current devices being installed pose a risk, but over the next one to two years, the vast majority of devices that will be deployed also pose a risk.

It’s a bit better in the Enterprise of Things (EoT) world, where devices generally are more costly and able to be enhanced for manageability, reliability and security. But in the price-sensitive market for consumer IoT devices, there is a real lack of security focus.

Build security into IoT devices, don’t add on later

The real challenge, whether EoT or IoT, is going to be deploying devices that are designed on platforms with an inherent security capability built in, rather than adding security after the device has been created. The add-on approach has never worked well in the past, and this market will be no exception.