IoT multiplier effect
According to Mui Chee Leong at Manulife, the insurance industry views IoT as something that can deliver a better customer experience through more real-time interaction and processing of insurance services.
"Point of sales and payments are increasingly important for us within the insurance sector," he said, "and technologies that can further help us deliver straight-through processing are of great benefit to our distribution and our customers."
But once again, standards are a key stumbling block. "We don't want to be in a situation like Bitcoin, where there's no regulatory framework surrounding it and things just fall apart," said Mui.
He highlighted the current state of mobile diversity and the challenge in securing an environment with so many platforms and non-standard elements. "If we extrapolate this diversity and standards challenge to IoT, the problem is going to be even more pronounced," said Mui.
Symantec's Bridges acknowledged these issues will not be solved anytime soon, and so far IoT and the security solutions based on these technologies are driven by specific vendors rather than any standards bodies.
Symantec is actively working with industry bodies across various verticals to deploy additional security around connected devices. For example, aircraft manufacturers are evaluating additional tracking technology, PKI encryption and digital certificates across a range of devices and components to maintain integrity.
In banking and finance, hardening of ATM security is something Symantec is currently implementing with manufacturers.
"But perimeter hardening is only the first phase to improve security," said Bridges. "There are so many other ways to infiltrate that the traditional firewalls and network protection will not suffice — nowadays you're unlikely to be hacked through your firewall, it's more likely that a device within your network is compromised."
Jacqueline Teo, head of IT Services, Telstra Global, said that while there will be billions of connected devices and sensors in years to come, not every one will be a computing device. When assessing possible vulnerabilities, the prospect of billions of insecure endpoints is alarming, but Teo notes that sensors in pavements, parking meters, and roadsides clearly do not represent the same level of risk as a smartphone.
She added that understanding the appropriate level of risk is key to managing future threats. "To what extent do we secure all these risks? What security is appropriate at each of these endpoints?" said Teo.
Johnstone agreed that it all depends on the purpose of the end-device, and if it's simply an input device for relaying information, then the risk is probably low — depending on the sensitivity of the data.
"Clearly there's not one simple profile for devices," he said. "You need to look at the circumstances under which the device fits into the picture. With sensors, the most important thing may be the integrity of the data in the backend, or maybe the identity of that device."