Securing IoT implementations may involve concentrating on protecting data rather than devices, according to Verizon.
In many cases, it makes more sense to prioritize IoT data over IoT devices when it comes to security. That’s the view of Antony Tompkins, managing partner of global integrated solutions at Verizon Enterprise Solutions, speaking yesterday to Internet of Business at an event to launch the company’s 2018 trend predictions.
If companies have to track a bottle, for example, he said, then they can just apply an RFID tag or other wireless tracking device. That’s the easy part, he added.
“But if I need to overlay some massive security compliance onto the little device I’ve stuck on there and make it more expensive than the bottle, then it is a completely pointless exercise,” he said.
What’s it worth?
This is where the use-case element of IoT becomes important, according to Tomkins. In other words, companies need to ask if it’s really worth going to great lengths to protect the security of a device, when it’s the data that really matters.
“There is a camera called Canary Camera, which is a surveillance camera. Verizon hardened that device for that company through our labs,” he said. “They put a lot of money into hardening that device because they felt that was really important that was very secure.”
But that’s because a smart-home based security camera collects very personal customer data that cannot be compromised. It’s equally important, Tompkins added, that companies ensure that data that leaves a device isn’t tampered with in transit to another point in the network.
“If you can do that and you can absolutely assure that the data is the same data, then you are probably in a much more secure position,” he said.
Protecting against IoT DoS attacks
Tompkins then talked about defending against denial of service attacks, that have, in part, increased due to IoT botnets such as Mirai.
“There are different ways of defending against these attacks. We bought a company called EdgeCast a few years ago, which is all about content distribution. We have our own content distribution network,” he said.
He added that one of the interesting things that the company found out was because that content distribution network has such vast scale, the backbone platform could be used to alleviate some of these attacks.
“Because if a denial of service hits that platform it is going to get sunk. It stops the breaches getting through,” he said. “Some of these other assets that we have brought in have had some benefits that probably haven’t even related to what we originally thought they were going to be used for.”