What enterprises should consider when it comes to IoT security
By Laurent Soubielle
Many enterprises have realized that the IoT presents tremendous business opportunities. The IoT can help businesses stay agile in changing situations and maintain a high level of visibility into operations, while positively impacting their bottom line.
According to a BI Intelligence report, those who adopt IoT can experience increased productivity, reduced operating costs and expansion into new markets. Yet despite this proven success, security concerns have historically been a barrier to IoT adoption for enterprises. In fact, more than 50% of organizations say that security is a main reason they have not taken advantage of IoT.
Fortunately, with new technology and new networks, enterprises don’t have to choose between valuable business insights and organizational security anymore. Here are a few questions enterprises should ask themselves to ensure they’re maximizing the value of IoT while upholding security.
What information do we need and how often?
When thinking about potential IoT deployments, it’s important to assess what information would need to be collected by devices to deliver insights that can steer the business forward. Not all IoT use cases are created equal, and not all information needs the same level of protection. While information such as the location of critical items (e.g., medicine or vaccines) requires high levels of security, other information, like the humidity levels of soil, may not. It’s unlikely a hacker would even care about low-impact information, and even if they did, it would be hard for them to abuse it in such a way that would be significantly detrimental to a brand.
Organizations should also consider how often they need information. If IoT devices are reporting critical information frequently – say, four or five times every hour – that poses a larger security risk than devices that only need to communicate information two or three times a day.
To constantly transmit data, devices will need to be continuously connected to a network. This constant connectivity makes it easier for hackers to get into the network, take over devices and gain access to data. Therefore, the more often data is transmitted, the more companies will need to put appropriate safeguards in place to protect that information.
Do we have a backup system in place?
If enterprises have a more complicated use case that requires lots of data and frequent collection and, therefore, need a device with an IP address, they should take extra precautions to shut down an IoT system in the event of a hacking. Network hacks occur when devices are compromised via the network to which they are connected. This type of breach enables the hacker to gain control of the device and use it. However, organizations can avoid network hacks by connecting IoT devices without an IP address to a 0G network.
A 0G network is a dedicated, low-power wireless network that is specifically designed to send small, critical messages from any IoT device to the internet. Because the network is created to save power, it does not rely on the traditional, constant and synchronized two-way communication protocol between the device and the receiver. Once the IoT device wakes up and sends the data asynchronously to the 0G network, it goes back into sleep-mode. This creates an extremely small window for hackers to break into the network and take control of the device.
Additionally, because a 0G network is difficult to hack or jam, many companies use it as a backup network for IoT devices susceptible to RF jamming. Being connected to this network allows devices to send a distress signal to shut down a system if jamming or hacking is detected, and the primary network is compromised.
Can we get by with an IoT device without an IP address?
To transmit large amounts of data frequently, organizations generally require IoT devices that have IP addresses and to be constantly connected to the internet. Unfortunately, this makes them more vulnerable to attacks, requiring enterprises to put extra security measures in place. However, other devices exist that do not require an IP address, therefore decreasing the security risk. For example, by operating on a lower frequency network, like 0G, devices can “sleep” in between uses. This means that enterprises can increase their security due to the lack of constant communication between devices and the receiver.
A 0G network is perfect for simple use cases – such as collecting soil temperature – that do not require constant updates or large amounts of data. Instead the data may only be transmitted once or twice a day at random times. This is not to say that 0G can’t transfer more complicated messages – it certainly can. And in both cases, devices are not beholden to the network and therefore are not as susceptible to hacking.
While IoT security remains top of mind for many executives, there are several ways to decrease risk while still moving forward with deployments. With the proper safeguards in place, enterprise and industry organizations can unlock the limitless potential of IoT – without compromising security.