Today’s IoTruth: Manufacturers will secure my IoT devices:
Is it safe to rely solely on manufacturers to secure your IoT devices? The reality is, manufacturers would like to give you a secure product, but there’s a whole set of challenges that makes this very difficult to execute.
- Lack of expertise – the PC industry for the last 25 years has been trying to secure the computer. And it has not accomplished that. Now imagine all these manufacturers trying to build security into devices where their core expertise is not security. As security markets continually innovate, attackers will take advantage of the vulnerabilities. And they’re going to take advantage of that lack of security expertise from the manufacturers.
- Margins – this is about money, right? Think of the devices that you’re buying. Some of the devices are cheap, in the tens of dollars. Manufacturers simply do not have enough margin in the sale of their products to build security from scratch into those devices. Security is expensive and that cost cuts into the profits of manufacturers.
- Strict Rules – there are often strict rules for how manufacturers update their devices, and these can vary by industry. For example, the Food and Drug Administration (FDA) has certain guidelines for medical device updates. Staying compliant can be a challenge even for well-established manufacturers and there is often lag time between the discovery of a vulnerability and the issuance of an update or patch.
- Competition – IoT is going to explode. Every day, new, innovative products come to market, and companies are competing on time to market. It’s that first vendor that’s going to take the market share and they’re going to build a product that customers want, with security as an afterthought. Building security from scratch takes time, and takes away from getting a product to market quickly.
So today’s IoTruth? Manufacturers will not be able to secure IoT devices. The burden of security is going to fall on the enterprise. You’ll be responsible for discovering all the devices that are connecting to your environment, and you’ll need to be able to control and secure them so that you can properly protect your organization.