The importance of security within IoT projects
As IoT and IoT projects become increasingly popular, we wanted to know what are the biggest issues within IoT projects when it comes down to security, and often what are the common mistakes that people keep on making? Electronic Specifier spoke to Neil Bosworth of Gemalto to ask his expert opinion on the topic.
When starting an IoT project what do companies need to look at, and watch out for?
Embarking on an IoT project can be a daunting prospect. The digital age brings almost limitless connection possibilities and it can be difficult to know where to start. But successful IoT deployment is predicated upon thorough planning and business assessment.
Understanding the vision and nature of deployment is a great place to begin. Large scale projects with tens of thousands of endpoints might provide a hyper-connected business platform, but it could be unnecessary. There are several industries where smaller scale IoT projects can thrive in the near-term, areas such as predictive maintenance, remote monitoring, building management, agriculture and fleet management.
With the introduction of new IoT technologies, such as LTE-M and LTE-NB1, it’s important for businesses to understand their objectives for deployment. Current 2G and 3G networks have the support of global infrastructure and so are often the natural choice. But they are being slowly phased out, in favour of the new, faster and more reliable technology coming through. If the focus is on fast, cheap deployment, then choosing 2G or 3G connectivity might be right. But if businesses are seeking reliability and longevity, then new tech such as LTE-M and LTE-NB1 might be an alternative route.
How many failed IoT projects do you see compared to the number of successes?
Naturally, failure looks different for different businesses. But from businesses large to small, failure is usually the result of a breakdown in preparation. Companies who jump too quickly into a project without having a robust initial concept and business plan to match, find that their project quickly runs out of steam. More often than not, products become late-to-market and miss their window of opportunity, leading to a smaller and longer roll-out with a limited impact.
To prevent this from happening, businesses must take advantage of the tools and platforms which can provide the necessary support. Thanks to the expertise of tools such as AWS and Microsoft Azure, as well as MNOs and MVNOs fine-tuning their offering with IoT functions, we’re seeing success rates increase and projects deliver the ROI they promise.
What are the biggest challenges people face when it comes to IoT?
We are operating in a period of uncertainty. For some time, businesses have been reliant upon 2G and 3G networks for their convenience and global reach, but we expect to see these become eclipsed by new technology very soon. In fact, some countries such as USA, Taiwan and Switzerland, and operators such as T-Mobile, Vodafone and Telstra are already taking steps to prepare for life after these mobile networks.
While this transition is very exciting for the industry, we face a challenge too. NarrowBand IoT and LTE-M modules promise so much but their development is stemmed by existing infrastructure and processes. There is no global implementation comparable to 2G or 3G, so the technology is not maturing. LTE CAT1 offers the closest match to what businesses expect from the modern IoT, both in terms of maturity and stability, but this still requires several mobile bands for global deployment. The industry needs to be bold and step outside of its comfort zone by embracing the new technology coming through that will provide real business impact.
Tell me about the new range of IoT terminals and how they can help companies in their projects?
IoT terminals have revolutionised approaches to project implementation; reducing costs, time, R&D processes and alleviating the burden on IoT developers who can concentrate on analysing and leveraging its data channels.
Using a terminal, as opposed to manual deployment, businesses can shorten the project development time by automating many of the otherwise time-consuming processes such as hardware development, radio design, PCB design and manufacturing. Terminals provide a substantial boost to security too. They are built with security-by-design and so are delivered with bespoke certificates and hardware keys, simplifying security processes and device management. Businesses will find that IoT terminals provide a secure, durable and reliable solution that delivers substantial ROI over the course of deployment.
When it comes down to IoT what is the biggest security trap that people fall into?
Having security front of mind when designing IoT projects is fundamental to their success. It can be so easy for businesses to fall into a security trap or overlook a minute detail which can prove disastrous further down the deployment. That’s why when companies are creating their business plan, they must factor in security-by-design, whereby protection is integral to all product development processes. In doing so, it provides the peace of mind that substantial measures have been taken to protect important data.
In the past, IoT developers considered a private APN or VPN, coupled with a form of password authentication, to be adequate security. However, this is limited in that it does not offer comprehensive coverage and reduced security maintenance. To be effective, IoT security must encrypt data from the device to the cloud. Devices and servers need mutual authentication and end-to-end encryption. Furthermore, the encryption keys must be deployed and managed in a secure fashion.