The topic of securing consumer IoT devices has been on the wider industry’s mind for a while but has recently gained mainstream attention; in part due to the recent spate of high profile & publicized attacks
1. Threats to Consumer IoT are real… and rising
Once thought to have been confined within industrial / enterprise domain, everyday consumer Smart Home / IoT devices are increasingly becoming the targets of large scale threats such as DDoS attacks, viruses, malwares, spywares, trojan, ransomware and other privacy & security breaches
The growing consumer awareness of IoT threats can be traced to the increasing number of malicious attacks on (now) everyday connected home devices in recent times; most notably from last year’s large scale Mirai attack
These privacy & security concerns only compound as IoT devices increasingly enter to perform more sensitive & personal tasks in our lives (think: home security monitoring, baby monitoring, door locks, etc.)
And… it could take just one vulnerable (interconnected) IoT device to wreck havoc across the smart home network
Continuous (preventable) attacks may impair long term consumer confidence
Various research firms ‘predict’ billions of connected IoT device ownership within the next decade… but only if consumers’ confidence in IoT holds up!
Interoperability issues aside; the rising spate of attacks on everyday connected devices (IP cameras, baby monitors, et al.) alone is leaving consumers warier
Gaining consumers’ confidence would be an uphill battle when the very smart home security camera designed to keep them safe is hacked to broadcast their private lives[LIVE] to the world or their smart door lock has been unlocked remotely to allow access to intruders
2. Industry mainstays & start-ups alike finding an opportunity in neutralizing IoT threats
There are 4 key nodes at which the IoT ecosystem can be secured against potential attacks, exploits & privacy intrusions – namely
- Hardware / Terminal devices
- Software / Apps / content layer
- Cloud infrastructure
- Network (WiFi, cellular, fixed, etc.)
These can be achieved through a myriad of security measures (think: encryption, cryptographic keys, biometric authentication, secure enclave, brute audits, etc.) – we shall dwell deeper into each of these nodes in future posts
Myriad of value chain players; from industry mainstays through to start-ups are discovering ancillary revenue opportunities in addressing various types of consumer IoT threats
One emerging solution to secure IoT @ Home
Most IoT hardware manufactures aren’t security experts…
…some may even knowingly skip advanced security measures to reduce build costs & gain a price advantage (volumes game)… either ways… hardware / terminal device security has a long way to go
One other (local) node-point…
…that has been gaining prominence has been the home-network gateway itself and traditional security vendors such as Symantec & Bitdefender have been unveiling their consumer IoT security solutions recently
Acting as data guardians…
…these ‘IoT security hubs / routers’ sit guard between the plethora of home connected devices and the ‘outside world’ they communicate with; claiming to scan every transmitted data packet for any malicious code
Industry mainstays…
…such as Symantec (maker of Norton security products) for example has begun taking pre-orders for it’s network security hub that specialized in identifying threats flowing between all home connected devices (particularly IoT terminal devices) and the wider network
Even start-ups…
…such as Cujo & Dojo are getting into the Home IoT security bandwagon with their respective hardware & accompanying services
Machine Learning & AI…
…will take front seats in predicting & neutralizing any potential threats before they occur and are being actively integrated by most of the aforementioned providers in their respective propositions
3. A new kind of SaaS joins the subscription club
IoT Security-as-a-Service (SaaS) offerings could range from outright security hardware sale through to a one-time security monitoring fee… but it is the (recurring revenue) subscription model that would emerge as the mainstay of the industry
According to Markets & Markets research; the wider IoT security market is expected to grow at a CAGR of 34% into a $29B business by 2022
The primary value proposition offered by IoT-security service providers is their ability to continuously monitor, predict & neutralize any threats in real time…
…for which; the most suited (& lucrative) model is the subscription model with potentially perpetual revenue opportunity to the service provider
For example in the case of Norton Core security hub – the value add provided by the $9.99/mo.subscription is live-monitoring of threats by an “actual team of security experts” who push security patches to the device in real-time
Expect many more such subscription-based services from other value chain players to pop up in the near future
So…
As the broader consumer IoT / Smart Home segment itself proliferates; malicious attacks & privacy intrusions are only expected to grow & evolve at a rapid pace
Every IoT value chain player; from hardware vendors through to wireless carriers, software developers & even service providers are taking consumer IoT security seriously and responding with their own version of solutions to counter threats
Standalone IoT devices that are designed with security-first features & include some sort of ongoing security support would uniquely position the manufacturer’s value-proposition in a crowded market
In an ideal world, every single IoT value chain provider would adopt a single set of IoT security protocols for their hardware, software & services… but until that ideal time of universal interoperability arrives…
…expect integrated solution providers who offer a unified smart solution (devices + services + end-2-end security) along with frictionless ‘out-of-the-box’ consumer experience to emerge as front runners in the consumer IoT race
IoT Security could become a unique ‘brand label / exercise’ (think: organic / sugar-free / fat free in the grocery world) that manufacturers / service providers could capitalize on to further distinguish their ‘products on shelves’ & increase consumer interest / attention
In the forthcoming post, we shall explore other facets within the broader IoT security topic; including security pertaining to the backbone of IoT – Networks & the role Wireless Carriers play in securing cellular-based IoT solutions
Stay tuned!