Securing the “God Platform” in IoT

Forbes magazine coined the term “god platform”. At the nucleus of IoT is a Command Centre that provides the user interface, data storage and sharing junction. The million dollar question is how to secure the “god platform” and the IoT ecosystem.

Inherent characteristics of IoT make Command Centre-as-a-Service (CCaaS) a compelling proposition:
– A single user interface to interact with numerous IoT operating systems and devices.
– With sensitive personal and corporate data traversing the IoT ecosystem, CCaaS can provide standards for security and privacy.

The gold rush to build the IoT CCaaS has commenced. IBM are investing $3 billion. A plethora of IoT platforms have emerged, from large established players such as Fujitsu and Intel, Oracle, as well as from emerging players such as iYogi, Jasper, ThingWorx, Carriots, Axeda, Arrayent, Kaa, Evrythng, and ThingSpeak.

However, existing offerings all have significant drawbacks, particularly in the area of security and privacy.

An effective IoT Command Centre needs to address three challenges:

1. A common user interface convention

Many existing platforms provide a template for quick development of a user interface. This is a start, but it needs more. Some applications require more tailored UIs – a blank canvas to code and a plug-in architecture is more appropriate. CCaaS must leverage the developer community in an open environment.

2. A data storage and sharing junction

A connected ecosystem requires IoT data storage and sharing. And lots of it. CCaaS provides the platform for managing storage, data sharing, and M2M communication. Sharing data between IoT systems adds utility to the ecosystem exponentially. In addition, CCaaS provides the portal to channel and merge analytics from multiple IoT systems.

CCaaS can also provide traditional BaaS/MBaaS functionality such as push notifications and integration with social networks.

Users should be able to stream a summary of metrics from the Command Centre through to their smartphone or smartwatch – keeping them in constant contact with their own network of things.

3. A common security architecture

As connectivity expands, impacts of security and likelihood of privacy breaches multiplies considerably. Security is crucial for the IoT ecosystem because of the disastrous potential for things to go wrong. A common security architecture is, by far the most vital aspect of CCaaS.

In a highly-connected society, the loss of confidentiality, integrity or availability can have significant, even life-threatening repercussions. The Command Centre should specify appropriate protocols and security and privacy standards. The CCaaS must be built from the ground-up with security at the core, and include aspects such as:

– Endpoint protection. Securing data entries from attacks such as key logging, jail breaking, MITM attacks, endpoint detection.
– Data protection. Data encryption, data classification, 5G security.
– Single Sign-On and sandboxing of applications and data.
– IoT system management such as patch management, vulnerability scanning, update management.
– Data sharing protocols – ensuring data sharing permissions are user-driven and transparent.

In the current emergence phase of IoT, we have the opportunity to get things right – building in security and privacy as an integrated element from the ground up, and designing user interfaces and data sharing that work.

Tagged:

Leave a Reply

%d bloggers like this: