IoT has become gained so much popularity due to the simplicity of being able to easily acquire a micro-controller, connect a few sensors or relays and then connect it to the internet and publish its secrets. The opportunities created based on the deployment of these devices has sparked a global interest and mass following.
A lot of manufacturers jumped quickly on the IoT bandwagon with the focus of being first to market and in the hands of consumers. While in some cases devices implement limited security measures, many manufacturers do not focus on the sustainability of their devices once they are deployed.
Unfortunately; while putting together an IoT device and deploying is the considered the fun part - there is so much more that needs to be considered to ensure the longevity of a device one deployed. In most cases no-one wants to put the time or effort into it it is costly to implement and maintain.
Let's consider the typical lifecycle of any device - to give the discussion context.
Any device, regardless if it is within the space of IoT or not undergoes three broad phases in its lifecycle that everyone can relate to and understand, much like our own live - an object is born, it serves a purpose and then eventually dies.
IoT Lifecycle: Birth
There is more to deploying devices than simply plugging it in - they generally need to configured, provisioned and commissioned to the field. Once a few tests are performed and calibrations are complete, the devices are ready to go.
IoT Lifecycle: Service
A device will spend the majority of its existence in this phase, reporting back to a centralized server periodically with information and waiting for commands. In the majority of cases, this is what IoT devices do when deployed - flawed by design.
It is very complicated to introduce maintenance and tracking; to perform tasks like firmware updates, keeping tabs on the device performance and identifying if there are any out of the ordinary events occurring. If a device is compromised, such as repurposed to be part of a botnet - the manufacturer wont know, nor do they care.
Manufacturers have taken the easy way out and leave it up to the consumer to manually install updates and service the devices. In the ideal world, they will build a new generation product and hope the consumer is on board and upgrades.
IoT Lifecycle: Death
At some point in time; a device will no longer serve its purpose and will need to be decommissioned. With no maintenance plans in place, many devices will continue to stay online, congesting the airwaves, unless they are physically disabled.
A lot of discussion happening in IoT community has been around device security.
There is a lot more to securing the Internet of Things than device security on its own. With a projected 50 billion devices to be connected by 2020, the secret to security will be around building manageable and maintainable IoT ecosystems.
It wont be about individual devices, but on the management of the devices from a higher level; dealing with how they are configured, deployed, used, maintained and eventually decommissioned from service. IoT should no longer about connecting devices to the Internet, but focused on managing the lifecycle of multiple devices from a centralized source.
Only then, can we start to truly address security within the Internet of Things.