Four IoT security tips from Watchfinder CIO Jonathan Gill

Jonathan Gill, IT director at retailer Watchfinder, gave delegates at V3 sister site Computing's Internet of Things Business Summit 2016 some tips on securing IoT projects. Here's a rundown:

1. Isolate devices
Gill said that he "doesn't trust vendors" with data. So he treats IoT devices the same way that he treats CCTV cameras: each of them should be isolated on the network so that no-one can see them and they can't communicate (or be made to communicate) with another device.

2. Encryption
It may be straightforward to encrypt 200 IoT devices, but it becomes a much bigger effort and expense if a business has 20 million devices. Gill said that, for example, it could cost £1.50 per device for encryption, which would mean spending millions on encryption alone.

It would make more sense in these instances to look for other ways of encrypting the data. This is a particular challenge, said Gill, because some connected devices were made before the IoT was even thought of and may be harder to encrypt.

"This is an area that hasn't been solved very well yet," said Gill.

3. Identification
Another security measure is to find out the device's origin. "How can you prove that the device is telling the truth?" he asked.

One way is through certificate authentication. But Gill said that if the device in question has been mass produced in China, for example, how is the business to know that the device isn't exactly the same as another device?

"So if you buy the device from a production company or vendor, how do you then ensure that the equipment can be identified back to your systems?"

4. Trust
Gill warned delegates that vendors, large and small, are jumping on the IoT bandwagon. "They say they can give you the world, but sometimes you don't need the world. So always approach [the IoT] with your business in mind," he said.

