The IoT opportunity
Recent Economist survey:
95% expect their company to be using IoT within 3 years
“IoT is our single biggest threat AND biggest opportunity over the next 10 years” – Brand-name Fortune 500 board of directors
[Chart: Internet-connected devices in billions (Cisco Estimate) and market size in $ billions, by segment]
• Big Data Analytics (53% CAGR)
• Connected Device Platforms (33% CAGR)
• Application Enablement Platforms (32% CAGR)
• Value Added Services (26% CAGR)
• System Integration Services (24% CAGR)
• Hardware (23% CAGR)
• Connectivity (12% CAGR)
*Source: ABI Research, Cisco, Craig Hallum Estimates
The Internet of Things?
More like the Internet of Attack Vectors
• Attack surfaces are expanding rapidly
• Physical access to systems is becoming easier
• Consumer privacy concerns are rising
• Consequences of a breach are becoming more severe (critical infrastructure, brand deterioration, data privacy issues, etc.)
• Product companies are being forced outside of their comfort zones
• Three dimensions that make IoT security challenging…
3. Usage modes
Things to note about IoT usage modes that affect security:
1. Some modes are normal and standard solutions exist
2. Some modes are new and standards are still emerging
3. Some modes are becoming more vulnerable due to resource constraints
The IoT security problem area
A. High resource constraints
B. Complex deployment topologies
C. Novel usage modes
Mo’ IoT, mo’ problems
The 4th dimension: time
Now we have a Tesseract
The difficulty with IoT security is that the landscape is constantly changing, even after products are deployed
Security should be designed for from the beginning and embraced as a journey throughout
It starts with a process…
Conclusion
Takeaways:
1. Security processes. Have a security architecture from the beginning and evolve throughout (layers, topologies, modes)
2. Technology selection. Start it from the beginning and evolve throughout
3. Operations planning. How do you respond if/when a security incident occurs in the field? Use checklists
– http://owasp.org/
– http://builditsecure.ly/
Embrace the journey