Tackling security in an IoT world

Featured

eepublishersPublished by EE Publishers on 20 September 2016

The internet of things is here – and it is bigger than we could have imagined – is your business ready?

The internet of things (IoT) is undeniably one of this century’s biggest phenomena in terms of ubiquitous impact and, while the implications associated with this technological wave are varied, one of the most crucial – if not the most crucial of these – centres around security.

Type the words “IoT and…” into your Google search engine bar, and one of the first phrases that comes up in the dropdown menu is “IoT and security”, says Leon van der Merwe, head of digital at customer communications firm PBSA. Security is a huge concern for businesses when it comes to this emerging network of connected things. Even with the strides made in cultivating a secure internet, this vast entity is just not 100% secure.

By nature, he says, the internet is arguably impossible to fully secure – and is becoming considerably more complex as the human race starts connecting everyday hardware devices. “We are basically building an internet of any and everything.”

And, contrary to common belief, South Africa is not playing catch-up to such an extent that local businesses need not be concerned. The IoT may not be as mainstream in South Africa as it is in other, developed countries, but it is fast heading that way. Any business that even remotely values its security would be making a grave mistake by not heeding the red flags inherent in the IoT.

In fact, according to a recent International Data Corporation (IDC) report – The Internet of Things in Africa – the market for connected devices in the country will account for $2-billion of the global total value ($1,7-trillion) by 2020. As for the continent as a whole, the research firm says Africa is likely to house around one billion connected devices by the turn of the decade.

A 2015 survey revealed that 33% of South African enterprises are planning major and/or significant investment in IoT over the next three years.

Unprecedented power

We know the IoT is set to explode – globally and on our own doorstep – but we must also consider, when taking security measures, the immense power this thing denoting a connected future holds.

The World Economic Forum (WEF) designates the IoT part of the “Fourth Industrial Revolution” – an era of technological advancement characterised by ubiquitous, mobile supercomputing. Klaus Schwab, founder and executive chairman of the WEF, says the possibilities of billions of people connected by mobile devices, with unprecedented processing power, storage capacity, and access to knowledge, are unlimited.

These possibilities will be multiplied by emerging technology breakthroughs in fields such as artificial intelligence, robotics, the IoT, autonomous vehicles, 3D printing, nanotechnology, biotechnology, materials science, energy storage, and quantum computing.

Given the enormous impact the IoT will have on businesses’ security, Van der Merwe believes local companies need to take security far more seriously. Many of the larger, security-conscious organisations take their security very seriously, but they don’t necessarily have the right strategies in place. When it comes to the so-called midstream businesses in South Africa, these generally have very poorly managed security policies, if any.

Access management

But where does one start when it comes to tackling this giant, looming phenomenon? At ground level, at one of the very core aspects of your connected devices – accessibility.

One of the products PBSA’s software arm, pbDigital, advocates is identity and access management (IAM). IAM outsources all require security requirements to run on the latest international identity and access management on one centralised solution.

Contact Leon van der Merwe, PBSA, Tel 011 516-9459, leon@pbsa.co.za

Making sense of a digital web of data

eepublishersPosted by EE Publishers on 23 February 2016

There is a myriad of digital data being generated on a daily basis, with bring your own device (BYOD), social media and the internet of things (IoT) becoming increasingly prolific as internet users progress in what is referred to by local research firm World Wide Worx as the “digital participation curve”.

For companies, making sense of it can be a headache, not to mention a major drain on resources. What follows are some of the challenges – and possible solutions – around security issues that should be top of mind in today’s business environment.

It has been a constant battle for the past two decades to ensure a secure internet and, although massive advancements have been made, the internet is still not 100% secure. As we start connecting hardware devices that control things like domestic and business security systems, smart devices, personal fitness devices, tracking devices and electrical appliances – to name a few – the situation will only become more complex.

The hardware appliance is the weakest link – no matter what it is – so the hardware device needs to be built to accommodate security features like encryption, multi-factor authentication and password strength validation.

BYOD boom

While BYOD indisputably brings with it a number of benefits for companies, it also comes with its fair share of security concerns. Organisations that permit BYOD can benefit from a reduced investment in hardware and enable employees to be more mobile and have 24/7 access to network resources.

On the flip side, the possibility of jeopardising company data is a reality that cannot be overlooked. This can be caused by lost or stolen devices, insecure applications, unauthorised access by non-employees and the fact that devices can connect to company networks over insecure wireless networks.

Interlinked with BYOD is IoT – a relatively new phenomenon bringing with it similar challenges. Although IoT is not a mainstream reality in South Africa as yet, it is said to be rapidly heading that way. IoT will become a reality in South Africa without doubt. Every time our devices become smarter and faster, we move forward towards a fully connected IoT.

While growth offers a lot of opportunities, IoT, in essence, is still not mature, or secure. Adding millions of new devices, billions of lines of code, along with more network infrastructure to cope with the load, will create a new set of challenges, probably far exceeding those of the past two decades.

Despite this, it is believed that local businesses do not take security seriously enough. Even though larger, more security-conscious organisations like banks take security very seriously, they do not necessarily align their security strategies to accommodate for future demands or what the impact of their security strategy has on customer experience. So-called midstream businesses in South Africa generally have very poorly managed security policies, if any.

IAM solution

In both instances of BYOD and IoT, security is key, but this does not mean that businesses need to have specialised security needs.

One of the products in PBSA’s software division, pbDigital, advocates is identity and access management (IAM). IAM outsources all required security requirements to run on the latest international identity and access management on one centralised solution.

IAM is a customer-centric identity and access management solution that empowers users to manage their own identities, enabling the organisation to reduce customer care costs by automating the identity processes.

IAM improves customer convenience with verified social identities and provides strong, multi-factor authentication for business-critical transactions. In other words, IAM takes care of centrally managing the identities of online users, eliminating the need for organisations to spend time and recourses on manually managing user access to their networks.

This is one of the means that companies can use to address the security challenges they face amid the burgeoning of data-intensive phenomena like BYOD and IoT. IAM is designed to centrally manage hundreds of thousands – even millions – of identities, devices and their associated access to multiple networks, which is simply not doable with physical customer service or manually managed security.

IAM involves linking the correct person (device owner) to the device. The second application is managing the access rights the device has to one or more networks, and the third is encrypting the channels of communication between the device and the various networks. All of these instances are centrally managed by IAM.

IAM is one of a range of solutions companies can employ to protect their digital empire, says Van der Merwe, and security can not be ignored by companies operating in today’s digital world.

Weak security when it comes to BYOD and IoT in the workplace will affect the confidence of consumers and organisations. This, in turn, will slow the process down until strong security is adapted and users and organisations can enjoy the benefits of IoT confidently and securely.

Contact Leon van der Merwe, PBSA: leon@pbsa.co.za / Tel: 011 516 9459