embedded world 2017: Security and the software-defined Internet of Things

March 14, 2017

embedded world 2017: Security and the software-defined Internet of Things

As we look forward to Embedded World 2017, it's hard not to notice how far the Internet of Things (IoT) has come since last year's show, and how deepl...

As we look forward to Embedded World 2017, it’s hard not to notice how far the Internet of Things (IoT) has come since last year’s show, and how deeply engrained its impact is starting to become on our day-to-day lives. From dash buttons and smart home thermostats to virtual assistants and Amazon Alexa, the IoT has moved from a theoretical concept to a functional, everyday reality.

No doubt this year’s show will feature yet more outstanding IoT devices, and a whole new generation of innovative connected hardware. The only question is, how much of a role does hardware still have to play in the future of the IoT?

While the connected devices market still offers massive opportunities for growth, the fact is that much of the proprietary hardware being developed to sit within today’s IoT devices will soon be obsolete. Already, the growing compute power behind many of today’s single board computers makes it uneconomical to develop proprietary hardware. Instead, numerous IoT developers are simply inserting a Raspberry Pi (or similar SBC) into their IoT devices and then using software to define the specific functionalities that they require.

As the IoT moves ever closer to an almost entirely software defined model, designers and engineers can start to overcome many of the issues that currently plague the IoT. Firstly, through the development of apps and app stores, product developers can finally look to monetize the IoT, charging users to unlock or upgrade additional features. It will also become far easier to update existing IoT devices, extending the lifecycle of individual products and ultimately helping to overcome one of the biggest talking points of this year’s Embedded World – IoT security.

As businesses, designers and engineers have jumped on the connected devices bandwagon, the rush to make the IoT a reality has left many hardware solutions without the necessary supporting infrastructure needed to ensure that today’s innovations do not become tomorrow’s security disasters.

For many in the IoT community, this lack of long-term thinking will simply be rectified through updates and patching as devices evolve. Unfortunately, it is becoming increasingly clear that consumers simply do not update their IoT hardware when required. According to recent research from Ubuntu, 40 percent of consumers have never consciously updated their connected devices, while nearly half remain unaware that these devices could be infiltrated and used to conduct a cyberattack. What’s more is that they seem largely oblivious of the escalating threats demonstrated by the spike in IoT attacks over the past year.

While this is posing significant issues for the current IoT, as the focus of the IoT switches to SBCs and software-defined functionality, the need for consumers to manage their own device updates will become a thing of the past. As with so much else in the IoT, security is set to become increasingly software-defined, being managed and rolled out from a centralized location.

Before this happens however, the industry needs to step up and take responsibility for keeping devices up to date and find ways to eliminate any potential vulnerabilities before they can cause an issue, rather than placing this burden on unsuspecting consumers. This should serve as a wakeup call to the IoT community to push for better security at the device level.

By listening to, and understanding end users, we can start building more secure and reliable platforms to ensure that the future of the IoT remains intact. The industry needs to be realistic about consumer behaviors and how little action they are likely to take to mitigate security problems.

There are several different ways in which IoT device security can be enforced. We need to see better consumer education, but also better security at both the network level and at the device level. By relying on IoT-specific operating systems such as Ubuntu Core, device manufacturers can guarantee a reliable delivery mechanism for security updates and fixes. As well as providing a solid architecture, software such as Ubuntu Core will manage the rollout of updates (and subsequent rollback should these updates fail).

As we look towards Embedded World 2017, designers, manufacturers and engineers must keep security front of mind, especially when it comes to the Internet of Things. The challenge of this year’s show will not only be showcasing secure solutions, but showcasing solutions which will remain secure for decades to come.

Thibaut Rouffineau is Head of Devices Marketing for IoT, Phone, and PC at Canonical Ltd.

Canonical Ltd.

www.canonical.com

@Canonical

Facebook: www.facebook.com/Canonical-125818784107695

Google+: plus.google.com/116469902245452284818

Thibaut Rouffineau, Canonical Ltd.
Categories
Security