Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Gartner: Makers of things for Internet of Things undervalue security

Tim Greene | Feb. 13, 2015
User friendliness and getting products out the door take precedence.

As the Internet of Things develops, most vendors that are making these things don't make security their top priority, allowing business considerations to take precedent, according to a Gartner expert.

"Some of the leading vendors that are developing products are making some effort to address security concerns, but Gartner believes the majority aren't at this stage -- convenience, user friendliness, time-to-market all win out over security at this point," says Earl Perkins, a research vice president at Gartner.

Makers of components for these devices often do address security as evidenced by ARM buying up software security firm Offspark this week so it can put TLS encryption right inside ARM's mbed operating system.

"Gartner views this acquisition as indicative of a general trend in the industry by companies previously concerned about chipsets and firmware now recognizing that software-defined security will play an increased role in their future sales," he says.

"More such purchases by such vendors will occur this year. While not at liberty to go into much detail regarding specific vendors due to the ongoing, early nature of their development, you already see this in prominent vendors such as Intel, who began this journey years ago and has completed several acquisitions to build out their portfolio for IoT application development and security."

But too often that doesn't carry over into the products those components go into. Because builders of devices might not be as security conscious as component manufacturers, customers need to carefully evaluate on their own the security of the products they do buy and see that they don't have weaknesses similar to those that plagued mainframe-to-client, client-to-web, web-to-mobile and cloud architectures in their formative stages, he says. "Raising the level of awareness among enterprise user and consumer alike so that they demand that IoT security not be a repeat of past performances," Perkins says.

Earl Perkins, a research vice president at Gartner

HP studied consumer devices built for the IoT and concluded they lack important security measures. A study done last year looked at 10 of the most popular devices, and a second study, just released, of 10 of the newest home security systems both found security lacking. HP didn't name what devices it looked at in either study.

The best advice HP could offer enterprise customers is to partition IoT devices from the rest of the network so if they are compromised damage can be contained and to turn on security features that might not be activated by default. These could include boosting password strength, locking accounts after a certain number of failed login tries and requiring two-factor authentication, HP says.

This is of such a concern that HP sponsors a study group called the Internet of Things Top Ten within the Open Web Application Security Project (OWASP) to raise awareness about security issues customers should weigh when building, assessing and deploying IoT devices.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.