We hear the term Internet of Things (IoT) in the tech world all the time now, but what does it really mean for us and data security? The IoT is a network of physical objects, devices, vehicles, buildings and other items, which are embedded with electronics, software, sensors, and network connectivity which enables these objects to collect and exchange data. Our need for seamless linkage between all our favourite techy toys makes for an easier, cohesive operation, but at what cost to our security?
The recent hack of a connected teakettle demonstrates the security risks that accompany the explosion of the IoT. Stored in a data centre – or the cloud – unless traffic is totally encrypted with, for example, separate keys from each AP junction, a simple smart device could provide easy access to a range of network resources to anyone with the right antenna.
Even the highest level of security on IoT devices needs constant changing and refining to keep apace, let alone ahead of the hackers. These crack-safe systems need to originate from trusted sources appointed by IT industry leaders – there is not room here for anything less than professional understanding.
The truth is, there is no must-have security for any of our IoT devices and each is an unknown quantity in terms of data safety, whether it’s part of a physical perimeter or reporting to the cloud. Even the humble fitness app will be doing its best to submit its data to some higher, mightier force, not just the user.
The obvious answer to the all-pervading question of security is a draconian one – to scan staff IoT devices as they enter the office on a daily basis. Without an industry-recognised regime to dictate what data these devices retain, disregard or submit elsewhere, how can we know that an individual or business’s cloud resources won’t get weighed down with a welter of unwelcome digital trash?
The entertainment electronics market will continue its stratospheric rise, and alongside this the risk of a catastrophic security breach increases. We must endeavour to fully understand what is actually in these devices, and until then be vigilant in terms of local security and cloud resources.