Chapter 5. Security Is Your Job

Security has to be one of the first things you consider when you design a connected device. Customers are far more sensitive about data generated from things they can touch and handle than they ever have been about data created on the traditional Web. Big data is all very well when it is harvested quietly, silently, and stealthily, behind the scenes on the Web. Because, to a lot of people, the digital Internet still isn’t as real as the outside world. But given the IoT’s connection between the digital and physical, the stakes are high.

Ignoring security for a connected device, or even leaving it until later in the development process, is a mistake. It needs to be engineered into your device from the start. These seemingly smart devices are attractive to hackers because for a lot of manufacturers security is still viewed as an afterthought.

A Unique Security Problem

Even for devices with good security, the IoT presents a unique security problem. In the past, a great deal of computer security has relied on attackers not having physical access to the computer, but with an IoT that’s the point—with small devices spread all over the office, factory, and more, it opens up a whole new can of security worms. This physical vulnerability of IoT devices means that attackers can leverage their access to a smart device to gain further access to a corporate network, and potentially compromise much more than just a single device.

Authentication and Authorization ...