Internet of Things projects can yield data and insights that help companies operate more efficiently and improve products, but also give hackers additional targets to attack.
Expect more malware like Stuxnet, a worm that went after Siemens industrial control systems and mostly infected computers in Iran, said Alan Tait, CTO of Stream Technologies, a London company with technology that enables machine-to-machine communication.
“As we connect more things to any form of the Internet, even if there’s security, people will still go after them,” he said.
Tait, along with other speakers on different panels, appeared at the LiveWorx conference in Boston on Wednesday to discuss how companies are handling IoT security issues and finding value in linking devices to the Internet.
Often, corporate security policies mainly focus on securing hardware that workers use. With IoT, the security perimeter extends to devices operating outside of an office that link to critical systems, a point companies miss, said Sunder Somasundaram, director of global IoT sales at AT&T.
“It’s amazing how many employees will lock down their employee’s laptops but they have devices in the field that talk back to their data centers,” he said.
However, while keeping data safe is important, sometimes business over-think security, said Syed Hoda, CMO at ParStream, which provides a data analytics platform for IoT systems.
“There’s some data you have that nobody really cares about,” Hoda said, adding that companies need to “get smart” about what data matters.
The focus needs to be on securing data that, if exposed, can damage a company, Stream’s Tait said.
Much of the innovation going on in IoT comes from small companies, which might not have security as a priority, panelists said.
Companies need to look at how data travels through their IoT networks and figure how to keep it safe, both on site and in the cloud, said Alan Atkins, vice president and global head of IoT at Wipro.
While data that’s sent to a cloud needs to be secure during transit, taking that step “doesn’t make sense” if the cloud handling the data isn’t secure, noted Andreas Laumann, chief software architect at Exceet Secure Solutions.
Meanwhile, IoT has received a lot of hype, but “the reality is some things are coming to life,” Par Stream’s Hoda said, mentioning that some insurance providers are offering customers IoT devices to place in their car to monitor driving, and offering policies based on the data they collect.
“When it makes money and people like it, there’s value,” Hoda said.
Some businesses that have launched successful IoT projects include an Australian mining company that remotely operates heavy equipment in isolated areas. This allows the company to operate in more dangerous locations without threatening worker safety, said Allan Alter, senior research fellow at the Accenture Institute for High Performance.
Airbus applies RFID tags to airplane seats, life vests, galley carts and other components found in an aircraft’s interior to cut back on assembly time, said Tim Butler, CEO of Tego, which supplies the aircraft maker with the tags.
Hoda suggested companies appoint a “chief IoT officer” since such projects have results that lie outside of the CIO’s domain.
“IoT isn’t an IT project. It’s a business project that uses IT,” he said.
To reap benefits from IoT projects, companies need to quickly use the data they collect, Hoda said, citing ParStream research that looked at the return their customers saw on IoT investments. Companies that were faster to react to the data saw returns on investment, he said.