Application Security in the Internet of Things


High-capacity network bandwidth has become more widely available, and we have quickly tapped into every last inch of its capacity. More devices are built with Wi-Fi capabilities, the costs of mobile devices are going down and smartphones are in the hands of more people than ever before. In fact, Apple might have already exhausted the market and is seeing drastically lower sales forecasts for the iPhone.

We are moving into an era in which virtually any device will connect to the Internet. Phones, fitness trackers, dishwashers, televisions, espresso machines, home security systems, cars. The list goes on. Analyst firm Gartner estimates that over 20 billion connectable devices will exist worldwide by 2020. Welcome to IoT—the Internet of Things. A giant network of connectable things.

As companies look to get value from IoT projects, concerns about data protection, application security and network security remain. Now with IoT, new security measures must be put in place to protect personal and company information.

With a multitude of new devices to manage, IT must decide how to manage and measure the software performance of programs running in and out of the network, not to mention all the new devices that are pouring vast amounts of data into company databases. For example, Quartz says connected cars will send 25 gigabytes of data into the cloud every hour. That’s a lot of new data to manage!

IoT requires significant reengineering to address the variety of devices and the constraints that many of these devices impose on security. For example, blacklisting consumes far too much disk space to be a practical solution for IoT applications. Smaller devices also often have small power supplies, relatively low processing ability and limited connectivity bandwidth.

Privacy remains a serious concern in IoT. Even when users proactively take steps to secure their data, circumstances and threats are often well outside their control. Hackers can design and execute attacks with high degrees of sophistication—linking information not only from public networks, but also from various private sources such as phones, home automation systems and automobiles.

Take, for example, the Jeep Cherokee takeover publicized by WIRED last year. In a real-world test scenario, they demonstrated how easy it would be for a hacker to take over your car, disable the controls and leave you utterly helpless. This is one very clear, and gripping, scenario where it’s obvious that smart hardware is only as good as its underlying software.

Poorly written code remains one of the biggest software risks today.

As an application developer, how do you manage these risks and increase your software security? Asking yourself this question and others as IoT projects become more prevalent will be of paramount importance.

Employing comprehensive measurement techniques will help. It’s critically important to construct only tested, reliable networking stacks and interfaces that gracefully manage exceptions. Ensure that any maintenance or testing interfaces are fully protected. Avoid exposing unencrypted channels. Disable all unnecessary services and lock down any required services.
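One way to check a device against the last three points, as an added example that is not from the original article: it audits a listing of open sockets against a short allowlist, which stays small where a blacklist would not. The sample listing, the policy and the maintenance port 9000 are constructed assumptions.

```python
# Constructed sample in the column layout of `ss -H -tuln`
# (Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS = """\
tcp LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
tcp LISTEN 0 5   0.0.0.0:23     0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:8883   0.0.0.0:*
tcp LISTEN 0 16  0.0.0.0:9000   0.0.0.0:*
tcp LISTEN 0 16  127.0.0.1:5555 0.0.0.0:*
udp UNCONN 0 0   [::]:5683      [::]:*
"""

# Assumed device policy: the only services the device needs, and where each may bind.
# Port 9000 is a hypothetical maintenance interface that must stay on loopback.
ALLOWED = {("tcp", 22): "any", ("tcp", 8883): "any", ("tcp", 9000): "loopback"}

# Well-known ports whose protocols carry traffic unencrypted.
PLAINTEXT = {("tcp", 21): "ftp", ("tcp", 23): "telnet", ("tcp", 80): "http",
             ("tcp", 1883): "mqtt", ("udp", 5683): "coap"}

def parse_listeners(ss_output):
    """Return (proto, address, port) for each socket line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] not in ("tcp", "udp"):
            continue  # skip headers and blank or malformed lines
        addr, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        addr = addr.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
        listeners.append((fields[0], addr, int(port)))
    return listeners

def is_loopback(addr):
    return addr == "::1" or addr.startswith("127.")

def audit(ss_output, allowed=ALLOWED):
    """Return (proto, port, reason) for every listener that violates the policy."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        key = (proto, port)
        if key in PLAINTEXT:
            findings.append((proto, port, "unencrypted channel: " + PLAINTEXT[key]))
        elif key not in allowed:
            findings.append((proto, port, "not on allowlist: disable"))
        elif allowed[key] == "loopback" and not is_loopback(addr):
            findings.append((proto, port, "maintenance interface reachable off-device"))
    return findings
```

Calling `audit(SAMPLE_SS)` reports the telnet and CoAP listeners, the maintenance port bound to all interfaces, and the unlisted service on port 5555.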

The age of IoT is here, and now we need to make it secure.

Lev Lesokhin, EVP, Strategy and Analytics at CAST
Lev spends his time investigating and communicating ways that software analysis and measurement can improve the lives of apps dev professionals. He is always ready to listen to customer feedback and to hear from IT practitioners about their software development and management challenges. Lev helps set market & product strategy for CAST and occasionally writes about his perspective on business technology in this blog and other media.