How the IoT Has Invaded My Life
It is impossible to create a usable environment that is 100% free from risk. Whether in your home or business, the cost of embracing technology is accepting some risk via new IT services. The more services in use, the more vectors are created for bad guys to exploit.
The corporate computing environment is incredibly complex. Think about what it takes to service tens of thousands of workstations and servers. It involves layer upon layer of infrastructure such as routers/switches, core services such as service directories (DNS/LDAP/Active Directory), and ingress/egress technologies such as proxies and firewalls. Each of these layers requires dedicated experts to manage and deploy, but the mitigation of risk created by these layers is the job of the lonely and often understaffed InfoSec group.
Now consider a much simpler environment, the common home. Most people do a pretty good job of locking their doors and windows to create some barrier to entry. But as they add more technology to their home, they too are increasing their risk. As I look at my own environment, I see a multitude of vectors that have been created by various Internet of Things (IoT) devices:
- A wireless security system that is powered by Bluetooth and wifi, has mobile phone control to arm/disarm, and sends alerts before the police arrive.
- Wireless cameras connected to the cloud
- Yard controls that allow me to turn my heater, lighting, and irrigation on/off via a proprietary wireless transmitter connected to the cloud
- TVs and ROKU/Chromecast-like devices that connect via Bluetooth and WiFi to create their own networks in order to share content.
- Wearables have invaded my home. Three family members now monitor their vitals with FitBit, ihealth and other products, each transmitting sensitive data to the cloud.
- We are even tracking how we dribble basketballs and kick soccer balls due to Santa bringing my kids the latest IoT enabled sporting toys.
- One family member recently had a wireless heart monitor surgically installed that uploads vitals to a web site for their doctor to view.
- We have about a dozen smartphones, tablets, and laptops constantly connected and getting infected by malware.
Think for a minute how my once secure home has been opened by this new era of IoT connectivity. We already know that wireless home security is vulnerable to hacks. By connecting household controls, I’m – at minimum – opening myself up to allowing outsiders to see my daily habits, ultimately being able to profile my comings and goings.
Having been previously tasked with securing a Fortune 100 infrastructure, risk is constantly on my mind and I am waging a friendly battle with family members to walk the line of security and convenience, urging them to turn off services that are not needed, change passwords, etc. I try to put our mobile devices on a separate network so my personal files are not easily exposed. But I know the risks given my profession, many other families are oblivious to the tradeoff between the conveniences of connectivity and safety.
Companies may not have had an influx of IoT into their environment at the same pace as I have witnessed it in my own world, but it is like a freight train barreling towards them. The same technologies that have enabled my personal world to be more connected and useful are quickly being positioned for use in the enterprise. Employees are bringing new devices in en masse. Departments are looking to manage infrastructure with new sensors and controls. The major industrial control manufactures and integrators such as Honeywell, Emerson, Schneider Electric, Siemens, GE, Tyco etc. are touting how they have embraced the IoT. The time is now to start thinking about how to embrace the IoT in the environment by surrounding it with security.