My daughter has a blue rabbit in her bedroom that talks to her. The blue rabbit says whatever I ask it to say and my daughter loves to listen. She can talk back to the rabbit, and I can pick up her messages wherever I am in the world through an app and send a reply, all through the medium of a fluffy blue bunny.
My daughter is growing up in a generation that expects their things to be connected, and of course, the Internet of Things (IoT) has been on our radar here at Consult Hyperion for some time, with many of our clients looking to us to advise them on their strategy and R&D in this area.
It’s one thing successfully connecting something to the internet, it’s quite another to ensure that connection can only be used for the purposes for which it is intended. My daughter’s cloud pet was secured with a username and password, so you can imagine the long sigh, as I read the email stating:
“We recently discovered that unauthorized third parties illegally gained access to our CloudPets server. Our investigation concludes that no voice recordings or profile pictures were stolen. The stolen user account information may have included names, email addresses, and encrypted passwords.”
Cuddly toy manufacturers are not security experts. Neither are fridge manufacturers, baby monitor manufacturers or security camera vendors.
Consult Hyperion has recognised the need for stronger identity security for the IoT for a while. Indeed, In 2015, our own Dave Birch emphasised the point that a more robust approach to identity was required for the Internet of Things by coining the tongue-in-cheek hashtag #IDIoT.
Three years on, we’re finally starting to see governments and industry bodies step-up to fill the IDIoT void. Earlier on in the year the UK Government announced their Secure by Design report, proposing a common code of practice for IoT Security. This week, the GSMA announced the launch of their IoT Security Guidelines, supported by their IoT Security Assessment Scheme. So finally, frameworks are starting to emerge that could enable the delivery of IoT services across the economy with consistent security. Real industry frameworks mean real product opportunities, so we’re looking forward to helping our clients move forward, taking the IoT strategies and prototypes we have helped develop, and turning them into commercial offerings.
Of course, securing IoT isn’t just about identity and information security, it is also about payments. IoT takes on a new dimension when your things can buy stuff for you. And of course, when money is involved, fraud becomes that much more lucrative, and so the security bar is raised yet again. For us here at Consult Hyperion, IoT is starting to get really interesting.