In year 2020 it’s anticipated that between 30-50 billion things in some kind will be connected to a public network. These device will be in various forms but they will all share common needs; they need to authenticate them self to counterparts, they need to validated their counterparts, they need to protect data in motion and data at rest and they need to ensure integrity of the data.
So what are those things? An often-used term at the moment is the Internet of Things (IoT), which is a group name for devices that are connected to a public network to exchange data with others. An example is your car that already today is connected to a set of services and you can control it with an App. But in 2020 your car will have the ability to act autonomous based on the settings you made and make decisions based on data it exchanges with others, it will for instance arrange its next service based on your historical use and propose a free time based on your current calendar, that is if it does not drive to the service station by it’s own. Futuristic? Well 6 years is a long time. There are plenty of other examples of smart sensors that are already intelligent to make their own decisions based on data it collects.
So if these devices are intelligent enough to drive a car and have a lot of data about you they are of course interesting for others than you, people that you neither have granted use of your sensors nor want to grant access to your personal data.
The IoT market will explode and as always some short cuts will be made, such as ignoring the security risk or implementing poor security practice. We at neXus has done some interesting projects during 2013 in which we have implemented security using a very scalable model that can be used to both personal use and organizational-wide use. By using certificates (PKI), identity federation and distributed authorization you can build a security architecture for your connected things that puts you in control and yet does not burden you as a user.
If you are a manufacturer – think about security from day 0, give your customers secure smart connected things - they deserve it. Protect them from hackers and other parties that want access to your customers devices and the data about your customers.
If you are a consumer make sure you ask about the security for your smart connected things. Demand a secure connected thing and take advantage of the future under your control.