Skip to Content

Internet of things (IoT) security: it’s time to take a new approach

Capgemini
July 7, 2020

Business context

Whether you run a farm or a high-tech manufacturing plant, your business is now reliant on computing power to optimize yield and efficiency. The use of embedded intelligent sensors distributed into an environment, feeding back information for analysis and decision making is growing year on year. According to an analysis by Markets and Markets, the pre-COVID-19 market in 2017 was worth USD 4.62 billion and is projected to grow to USD 22.48 billion by 2023. It is leading a revolution in situational awareness across a number of sectors, including those that have a high impact on our daily lives: energy, water, food production, and healthcare.

We are witnessing massive changes and I think of the changes I have seen over the last 30 years of my career: moving from an environment where computing was heterogeneous and disconnected to a digital world where artificial intelligence and analytics are growing and there are huge pools of data being collecting over an increasing web of connectivity with reduced human involvement driving what has been labelled the internet of things (IoT).

Do we need IoT security?

In this automated world, the security methodology of people, process, and technology is under strain as the level of intervention reduces. Where we have relied on good governance or operational processes to provide security in the past, we now need to rely much more on the technology as the level of interaction required to do this becomes impossible. In my opinion, this means that the devices and applications we use to drive business and societal benefit need to be resilient to error. They also need to prevent malevolent attack from a variety of threat actors either for financial or political gain.

Assuming that the security paradigm is now technology focused, does that mean that we should be looking at security based on trusted components (either software or hardware) or from a top-down architectural approach. I think we are going to have to revisit some ideas from the past and look at developing a security by design approach to individual components to build islands of trust on which security architectures can be built upon. This would involve investment in trusted processors, software libraries, and toolsets, etc. It will also involve moving the people and process part of the security solution to the design and development phase and be much more reliant on technology to provide operational resilience.

Trust

I conclude that the security in this new highly connected, data-driven business world will need to change to ensure businesses increase operational speed and connectivity, that the data being collected and processed can be trusted as the basis of decisions been made either by humans or AI engines. This trust will need to be explicit, especially when the data and consequent decisions are shared between organizations in a complex supply chain or in the handling of patients within a heterogenous healthcare system. The integrity will need to be robust enough to be utilized at the time but also for any subsequent disagreement including legal argument.

Visit our secure OT/IoT page to see how we help clients build digital trust – transforming security into a source of strength and competitive advantage.