Is data security overrated for IoT devices?
Internet of Things has seen an astonishing amount of growth and innovation in recent times. This has led to new communication devices and new protocols evolving at a very high pace. The primary focus of these innovations has been to increase the convenience of end users/insureds. By making the mechanical devices used in daily chores smart, consumers are able to reduce their workload by automating mundane tasks like switching on lights when it gets dark & not running the sprinkler system if it rained earlier in the day.
However, the fast pace of growth has also resulted in a highly fragmented industry. There is a plethora of smart devices that are generating and transmitting a huge volume of data about the users by leveraging multiple communication options.
Further, these devices interact with pre-existing electronic items like laptops and mobile phone devices. And therein lies the danger! We are used to securing our laptops and even phones. And hence are now comfortable using them for critical functions like online banking. However, by allowing these newly 'smarter' devices to interact with the laptops and phones, we are opening ourselves to opportunities for a hacker to step in and steal our assets and information.
The only way to prevent this is by ensuring that any smart device that is newly introduced into the end user ecosystem passes the rigorous security checks that one has come to expect while using laptops.
Purple Ant has understood that and has consciously crafted this rigor into the security strategy for our solution. We achieve this via three strategic decisions that we have made.
1. Do not use intelligent sensors. We employ a hub and spoke model where the sensors are not intelligent and are limited to sharing status update periodically to a hub. This limits the intrusion opportunity to just the hub regardless of the number of sensors used. Also, these sensors are detecting moisture, temperature, smoke only so there is no danger of sending any sensitive data.
2. Use branded hubs with pre-configured sensors isolated from the rest of the user network. By leveraging stable and well-known hubs like Samsung SmartThings, we are able to ensure that the hub does not have unknown malware interacting with the user ecosystem. Further, we limit the ability of the user to add new sensors or to integrate with other smart devices within the house. This ensures that the devices are insulated from interactions with other sources of malware.
3. Leverage AWS to ensure secure data streaming and storage. Our back-end platform is built on AWS and uses its in-built security functions and features like IOT core. This allows us to piggyback on the security measures offered by AWS while retaining the ability to build in customized data processing logic.
We are still discovering the potential of smart devices through new applications that are continuously unveiled. However, like all new technologies, there is also an inherent danger in being an early adopter. B2B players like Purple Ant strive to minimize this risk while also ensuring that the users get the benefits of this amazing innovation as early as possible.