You are currently viewing Importance of IoT Device Management as Data Security Issues Escalate

Importance of IoT Device Management as Data Security Issues Escalate

In the past decade, the Internet of Things (IoT) has established its commercial viability and multifarious examples including wearables, connected cars, and smart HVAC systems are now ubiquitous. However, the deployment of IoT devices expands beyond common life examples. Multiple industries including healthcare, retail, and manufacturing are now leveraging the benefits offered by IoT devices in order to optimize operations and save on cost and time.

Collectively, the volume of connected IoT devices has surged radically in the past half a decade and the prospects are exponential, to put it mildly. Ericsson projects 4 billion devices connected through cellular IoT by 2024, whereas Cisco estimates 500 billion devices to be connected to the Internet by 2030 – all capable of collecting data, interacting with the environment, and communicating over a network. And this just represents the tip of the iceberg as IoT promises to revolutionize several other novel concepts such as facial recognition, drug discovery, smart cities, energy efficiency, and pollution control overall.

Related reading:

With commercial values justified, overall marketplace gauged for a prosperous future, and rampant innovation activities underway to devise new applications of IoT devices, there is little to obstruct the proliferation of IoT devices in the future world, except two: how to manage IoT devices, keeping a close check on cybersecurity threats. The FBI reveals that from June 2016 to July 2019, over 166,000 incidences of data security breaches were reported, amounting to more than $26 billion.

The National Institute of Standards and Technology, the U.S. Department of Commerce, recently released draft security feature recommendations for IoT devices, baselining practical advice for using everyday items that link to computer networks. The report raises substantial concerns regarding the lack of the obligation upon a manufacturer to abide by and create an IoT device capable of integrating with a home network.

The report emphasizes on several protocols/recommendations for manufacturers to incorporate within IoT devices and those that consumers may address to on their devices’ box or online description while shopping. At present, most IoT devices are designed for meager tasks, such as sensing temperature or recording movements. What remains unused is that they run on microcontrollers and operating systems that are capable of plentiful more in the background without impeding their primary purpose. That transforms into a rich opportunity for cyberattacks and a significant risk for owners — and the companies they work for.

Many IoT devices are designed to be never seen nor heard; engineered specifically to run for years, often on slender power or even a single coin battery cell. They may be embedded in walls and ceilings or mounted on factory equipment inaccessible to maintenance workers on normal rounds. To refrain from the treats posed by these legacy tools, IoT device management tools come to the fore and provide a rich return of investment.

Post deployment of the hardware and firmware, four fundamental requirements surface: authenticating new devices to access the network, configuration and control, monitoring and diagnosing, and maintenance (including but not limited to software updates).

Provisioning and authentication

Most device producers, particularly those operating within a territory, are inexperienced when it comes to security and the vulnerability of a simple security camera. This leaves an opportunity for an attacker the breach the network. Device authentication protocol protects from such acts by establishing the identify of a new device and its trustworthiness. A cloud-hosted service that the device connects must adjudge the authenticity of a new device, is running trusted software, and is working on the behalf of a trusted user. On the other hand, provisioning is the process of allocating a slot for the device into the system. Authentication is part of that process, where only devices that present the proper credentials are registered.

Configuration and control

End users usually receive IoT devices with generic configuration. This means a few additional configurations are required, such as name, location, and application-specific settings. In order to achieve basic functionality and control, users need to reset the device remotely, ensuring the status of the device as well as recover from errors, if any. Additionally, there are further cases of the ability to return to default factory configurations.

Monitoring and diagnostics

For a system with hundreds, or even thousands, of remote devices, fault in one device can potentially hinder the financial bottom line. Small issues can impact customer sentiment enough to hamper successful business outcomes. Monitoring and diagnostics are vital to minimize the impact of any device downtime due to software bugs or other unforeseen operational problems.

Software maintenance and update

Every new software release comes to see the day of light after numerous testing, albeit some bugs always remain; new features and functionalities are added; and deployed with security vulnerabilities. Because this is not key value-adding functionality, it is viewed as an afterthought (just like documentation!) to most product developers, especially startup companies who are trying to get quickly to market. However, this is one of the most important aspects of device management – it is essential to securely update and maintain remote device software.

Effective device management is essential to create and sustain the operability and security of IoT devices. The providers of IoT applications invariably resort to comprehensive device management via their proven solutions. However, irregularity happens whenever that application vendor goes out of business and an eager customer is forced to embrace a similar application from a different vendor. Consumers are increasingly faced with unexpected device obsolescence and landfills are starting to fill up with expensive IoT bricks. What consumer IoT needs is a truly open IoT device management ecosystem that can stand the tide of time and return value of investment.

Here are some of the examples that are currently in existence and an eye on the future:

Closed device enablement

In the present scenario, most connected consumer IoT devices continue to be sold as a byproduct a completely closed, vertically integrated solution stack. A typically solution comes with the IoT devices and network access (either LAN or cellular) besides an IoT gateway and a cloud service. Each of these components are stitched together by a single vendor to work cohesively and seamlessly as a part of a closed application-layer solution. The primary benefit of closed device enablement is that it creates high consumer inertia that, while being in the best interest of the company, may not be in the best interest of the consumer.

App-specific device ecosystems

Another IoT device management model is to create a more loosely coupled, semi-closed, “device vendor ecosystem” for an application. Examples of this are Samsung’s SmartThings home automation service or Comcast’s Works with Xfinity. With these services, a multi-vendor ecosystem of devices is certified for compatibility by Samsung or Comcast with their IoT gateways. This means a consumer can buy devices from a heterogeneous mix of vendors and easily onboard those devices to enable an application. Even when the consumer indulges into an IoT device with a different provider’s service, the on-boarding process is often more complicated than it should be. That’s because the new device management process might be very different from the old one and those differences introduce an added element of complexity for consumers who are already familiar with another process.

Both approaches to device management can lead to device obsolescence and consumer frustration. If a consumer gets frustrated with the application provider (or the provider goes out of business as many startups do), the device investment is lost.

Standards-based device management may pave the future

One of the prospects for the future of consumer IoT device management, something that is more user-friendly, involves devices whose identity and firmware are managed using a standardized process and remains entirely independent from the application layer service. This means while buying a device, a consumer should be able to securely associate that device with personal identity and take control of its firmware and software, creating a standard workflow that will be supported by all providers. This means that any consumer IoT device should be easily associated with any consumer IoT gateway that supports its protocols and be able to get to the device vendor’s management service. This approach would result in the creation of a truly open consumer device management ecosystem, where device ownership and management are always under the consumer’s control, independent of the status of the application provider. With this model, the consumer could try one home automation service provider today and a totally different one tomorrow, without replacing a single device.