Cloud of things: find a safe way out of the nightmare
Future of IT: The Cloud of Things will bring many benefits, but also create a nightmare in terms of safety for which few are prepared.
Horror stories have already begun.
The baby monitor transmitting a live stream on the Cloud accessible to all – and the connected teddy bear that could be hacked. The car that allows hackers to take control of remote systems . The grid cut by hackers accessing industrial control systems.
The development of the Cloud of Things will bring considerable benefits to businesses and consumers, but it also creates now a safe nightmare.
“There is not a single class of devices that has been hacked up to a point: we talk too much light bulbs as nuclear power plants From the moment you connect something to the Cloud, it becomes. hackable and then a target, “said Duncan Brown, research director for IDC.
Due to the falling cost of sensors and connectivity, it has become more profitable than ever to add them to an even greater number of terminals. Thus the objects of the IoT include grand public goods such as baby monitors, thermostats and cars and industrial systems.
The number of objects connected to the Cloud is vast: according to estimates, will be 6.4 billion worldwide in 2016, with 5 million new terminals connected daily. This figure could reach 20 billion (or 40, or 50, according to forecasts) by 2020.
But connect also introduced new risks. For individuals, there is a risk to privacy, since these devices record large data volumes to their daily lives, and that cross could create a deeply intimate wore their existence. For businesses, each of these new devices is a potential gateway to their network to hackers, possibly allowing them to access data, but also to control physical systems and cause real damage.
Recently, the US intelligence director, James Clapper, warned of the risks of IoT for data confidentiality, data integrity, and continuity of service. “The devices, designed and meet minimum safety requirements and tests, and an ever increasing complexity of networks could lead to widespread vulnerabilities in civil infrastructure and systems of the US government.”
To further complicate the problem, security has not so far been considered a key factor for many of these devices.
Consider how difficult it is for organizations to protect their own IT infrastructure against attacks. Now, make the network 100 or 1000 times larger, consisting of terminals they may never see, touch or possess, collecting highly sensitive data.
All this has led the security professionals to care for the IoT and the fact that it offers a vast new area to try to defend, with many opportunities for hackers to cause harm – an arena for security that is both physical and digital.
“This is absolutely not theoretical, it happens constantly. It is not more difficult to hack wireless bulb, refrigerator or microwave as to hack a PC. And in fact, in many cases this is easier because they are less sophisticated and no one has yet built antivirus for refrigerators “judge Brown.
These new security risks are partly due to the two paths towards which evolved IoT.
There are completely new classes of devices, such as for home or the connected cities, where innovation and security do not advance at the same pace: new products are designed to test an idea, and safety n ‘ then intervenes.
The other path taken by IoT emerges by connecting existing systems, such as industrial production lines. These systems can be designed before the Cloud existed, and secure remote access has never been considered as an issue.
Some security issues related to IoT are the same as those faced by the existing IT infrastructure, while others are new.
Hacker attacks from the outside and the traditional problems of data theft are the main safety concern, but the IoT will introduce new threats: the emergence of a black market that sell fake data sensors, for example or groups threatening attacks by denial of service against the IoT networks – or even attacks ‘denial of sleep’ where hackers drain the battery terminals by not letting them off.
The IoT devices potentially give hackers access to highly sensitive systems, both large and small (the central pacemakers). Less dramatic, but still serious, problems related to privacy. This adds a level of complexity to the security landscape including familiar most IT decision makers and business.
According to the firm, the security of the IoT represent 20% of annual security budgets by 2020, against less than 1% in 2015. This means that organizations need a new approach to security.
“The IoT is not a safety discipline in itself. The safety of the IoT is based on principles of security on-premise and Cloud, and extends them to a new level in terms of data analysis, complex terminals and human interaction, “noted Forrester’s report” Secure IoT As It Advances Through Maturity Phases. ”
Forrester added: “A wider range of technologies working in a less controlled environment will lead to the highest level of security complexity than we have ever seen Heterogeneity subsystems used to build the ecosystem IoT is a security nightmare. for developers, and will present extensive risk software and physical security in the supply chain of the company. “