M2M - The Industry
You may have read my colleague Richard Hobbs's latest rant, where he talks about how security is in our numbers. While I don't totally disagree, I have a few concerns with security, and I believe that these concerns are widespread among many different entities... customers, namely. In fact, I believe that these concerns are actually negatively affecting the growth rate of our industry.
However, I don't think that the only solution is to develop a "better mouse trap". I think we need to start by learning how to make better use of what we already have...
The first thing we need to do is to better use security methods / solutions that we already have....here are a few:
Richard's point about "too much security" actually being a negative is a valid one, but maybe for a different reason than he mentions. When I worked at IBM, we had to change our passwords 1-2 times a month. In addition, the password had to be pretty long and contain a certain number of non-traditional characters, and we could not use any of the last 20 or 30 different passwords. So, how did most people solve this?
They wrote down their password on a piece of paper and taped it inside their top drawer for reference. It was true....you could pretty much open up anyone's top drawer to find their password. So, while they were satisfying the IT department's requirements for password changes, they were easily making the entire system of security dependent on locking up one's drawers when they went to the bathroom, which almost no one ever did.
So, we need to find a way to make security both easy to enforce and easy to comply with. This is why the area of biometrics, especially ones based on retina scans and heartbeats, is quite interesting. If we can both personalize security and make it easy, it will be much more effective.
We all see this sign in parking lots, and it makes a lot of sense. If thieves see an iPad sitting on a car seat, they now know that there is an instant reward for choosing to break into your car. The same goes for valuable information. A health record, banking information or the ability to get free electricity are very appealing targets for hackers. One way to keep these things safe is to get them off of the Internet in the first place.
By using private networks, we don't make it impossible for thieves to hack into our systems; we just make it more difficult. They now have to take the extra steps of locating key servers, taking multiple hops to get there... but, by limiting their access, we have taken the extra step of making it more difficult, which is often enough of a deterrent.
The scary part is....not everyone does. Ok, I can maybe see how someone forgets / does not bother to change the password on their new WiFi garage door opener, but there have been stories of government agencies not changing the default password on passenger screening equipment at airports...
So, now that we are a bit more secure by doing some simple things/methods that we already know, what else can we do?
Think local
I hear this one at the grocery store, referring to produce, and it may apply here. Everyone wants to have everything sent to the cloud for central storage, and there is often a lot of benefit to collecting so much data in one place. However, there is also more liability (and a much bigger target) when you do so... in some cases, it is fine to keep data locally stored. This means that the collection devices need to be more intelligent, which many of them already are.
Whoa, Dude, TMI!
I was at a Starbucks last week and a gentleman was looking at his company's financial dashboard on his 17 or 19 inch laptop for everyone to see. I could see that his company was losing money and that he was likely on his way to bankruptcy. Even better was how he walked up to get his coffee and use the washroom without locking his computer. It is great that mobility gives us access to such data, but we need to be more mindful of who can see it and where we allow access to such information.
IoT is not for everyone
Wait, are you really saying that? After this many years of preaching, why would I say that not everyone should use it? Well, I still believe that there are some things that may be better left being done the old way. I, for one, am not in favour of an all-electronic voting method. I believe that the idea of using paper ballots will be the best for a long time to come (but, I am okay with them being counted by a machine). It provides a greater level of security at this stage, considering how much of a target a US Presidential election would be, as an example. I know there are other things that would fall into this category.
Unlike my colleague, I don't believe that we have enough security in the world to protect our data. However, I do believe that we need to start using more common sense to protect our data, as well as to better use the tools that we already have. Spending billions on data systems at the server level will not do any good if people leave their laptop connected to their corporate server while going to the bathroom at Starbucks. Sure, we need to constantly improve algorithms, to put better firewalls in place and to put more security at remote sites...but, all of that won't matter if I can just open your drawer to find your password...