Security by design principles: shaping the future of IoT


The main difference between the Internet of Things (IoT) from the traditional Internet is people. 

IoT doesn’t rely on human intervention and interaction to function, but rather does so using smart sensors that collect, communicate, analyze and act based on the information it’s processing, which opens waves of value toward businesses. 

Simply put, more information creates more possibilities to create value: This is the promise of the IoT.

While this will help shape and fuel the digital revolution, in parallel, it opens the door for a plethora of risks and breaches on the cybersecurity level. 

“Not only is more data being shared through the IoT, among many more participants, but more sensitive data is being shared. As a result, the risks are exponentially greater,” a report by Deloitte highlighted. 

According to American research and advisory firm Gartner, there will be 25 billion Internet-connected things by 2020, and close to $2 trillion of economic benefit globally. That’s a lot of IoT devices and the biggest question is, can tech companies secure all these objects from threats?

As IoT slowly slips into the mainstream, with companies like Google, Cisco, IBM, Intel, and others leading the revolution, IoT will soon change the way people live, work, travel, and more.

Let’s take the simple example of a smart home. 

A garage door opener with an additional functionality of deactivating the home alarm system upon entry is a convenient add-on for the homeowner but presents itself as a weak point for someone with malicious intent. 

The broad range of connectable home devices—TVs, home thermostats, door locks, home alarms, smart home hubs, garage door openers, to name a few—creates a myriad of connection points for hackers to gain entry into IoT ecosystems, access customer information, or even penetrate manufacturers’ back-end systems.

Thus, the question poses itself as to how companies can create safer IoT products by design. 

Security by design is an approach to software and hardware where security is applied into the manufacturing and development of IoT products from the get-go and not added on using security patches. 

According to Edith Ramirez, former Chairwoman of the Federal Trade Commission, there are three steps that businesses must take into consideration when manufacturing smart devices to bolster consumer privacy and security:

1. Security by Design

This means every IoT design should start with security. Giant tech firms as well as startups should incorporate security into the initial design process, while adding layers of security to protect people from the cyberattacks vis-à-vis giving them more control over the devices themselves.

2. Data minimization

To avoid security breaches, IoT manufacturers should employ different approaches to protect the device from being accessed by anyone through the Internet.

3. Consumer transparency 

IoT manufacturers should provide consumers with notice about how their data is used and shared, and then offer tools that will allow consumers to turn off certain types of information collection and sharing. 

In parallel, effort should be made to educate consumers about security so users can avoid making risky behaviors while using their IoT device.

Guidelines for safer IoT usage 

The European Union Agency for Cybersecurity (ENISA) released a report that details the guidelines needed to secure the entire IoT supply chain to help keep organizations protected from vulnerabilities which can arise when building connected things.

A major touch point made within the report highlights the need for cybersecurity integration into every layer of the organization, which includes engineering, management, marketing, and others, in attempts to shield the entirety of the supply chain from potential risks. 

This not only adds another layer of protection but allows cybersecurity experts to address problems and design flaws within products in the early stages of their development. 

The report echoed Ramirez’ calls for security by design since “early decisions made during the design phase usually have impactful implications on later stages, especially during maintenance,” said the report.

The ENISA also highlighted the importance of securing the supply chain of ICT products and services that need to become a prerequisite for their further adoption particularly for critical infrastructure and services. 

“Only then can we reap the benefits associated with their widespread deployment, as it happens with IoT,” said Juhan Lepassaar, Executive Director of ENISA.

The Internet of Things has moved from big idea to reality faster than most expected.

Which is why it is vital that organization optimize their manufacturing practices for IoT, since a shift in the right direction can unearth a plethora of opportunities to create and capture better value. 

This not only allows innovation to grow at a much faster rate but allows for manufacturers to make the best decision possible in offering customers the most compelling products and services.