IoT security. Is there an app for that ?
The Internet of Things World conference investigates IoT application development, security, and business models.
Let’s be honest. When was the last time you read the ‘Terms and Conditions’ before downloading a smartphone or tablet app? No? Okay, I’ll go first.
I think I saw something about that before downloading a free flashlight app I used to find widowed socks under the bed. Then a couple weeks later this happened:
For Millennials like myself, the “information required” asterisk that accompanies “free” app price tags has, to date, typically carried with it the annoying but tolerable consequences of irritating pop-ups, not-so-coincidental banner ads, or spam emails that are deleted before ever being opened. With today’s smartphone, tablet, and other web-based applications, this is an expected norm. But while we currently assume that regulatory compliance and company reputation provide a level of security to our online interactions and identities, third party advertisers will be the least of our worries in the app-centric Internet of Things (IoT).
For the average person, the IoT will have the greatest day-to-day impact by blending data from multiple sources, essentially creating “personal profiles” that optimize the environment to fit tastes, habits, and schedules. But, for all the potential that melding location, usage, and other types of data brings, it also changes the game from a security perspective in that no longer is just personal and financial data at risk, but also physical infrastructure and devices that could have a direct impact on people’s lives. Take, for example, the possibility of wearable electronics issued to patients after being released from the hospital. They could conceivably:
Patient excluded, four parties could reasonably require access to application data: physicians, emergency responders, insurance providers, and the device manufacturer (not counting business associates that provide billing or legal services). While HIPAA outlines privacy rules for some of the described data, multi-source information could conceivably be accessed regularly by multiple individuals. How can we ensure that only relevant data is available to each entity, and, summoning Edward Snow
den and the Target data breach, that the information provided is securely stored and handled?
This is a big question for the IoT, as it requires enterprise-class application protection that spans from the device to back-end infrastructure. From a software perspective, this requires a layered approach to security that ensures applications are uncompromised from initial execution through future access.
As a widely used and highly scalable software platform, Java has traditionally used a sandboxing approach that isolates application execution within certain processes (so, Location-Based Services (LBSs) in our example could be activated once a biometric alert is issued). However, to manage the complexity of IoT security, Oracle has developed a number of technologies to improve data integrity from edge to cloud:
Java ME 8 is supported by System-on-Chip (SoC) platforms from vendors such as Freescale, Qualcomm, and ST Microelectronics, and recently added a port for Raspberry Pi as well.
Access Management, Identity Governance, and Mobile Security are key elements of the Oracle Identity Management (OIM) technology suite.
As consumer awareness rises about the risks and rewards of the IoT, comprehensive security will have a greater impact on the company reputations buyers rely on for connected applications; and, without consumer confidence, IoT apps and services will struggle to become the $19 trillion market some analysts project.
On June 17th and 18th, the Internet of Things World conference in Palo Alto, CA is assembling more than 100 speakers from across the embedded industry to define and discuss challenges like IoT application development, and will include keynotes such as “Building the Business Case for IoT” from Oracle’s Henrik Stahl. You can view the event program or find out how to take part at www.iotworldevent.com/register.
If you’re interested in meeting at the show or just want to talk tech, feel free to drop me a line. Meanwhile, I’ll be looking for an app that reads the terms and conditions of my apps, although I guess I’d have to read those terms and conditions too. But nah, they’d at least have to have my best interest in mind, wouldn’t they?
A testing methodology for managing the permutations of parameters while testing…
Intel’s vision in enabling secure and seamless solutions for the Internet…
Using the Web to Build the IoT is a free book built as a collection of six…
Internet is huge! Help us to find great IoT resources and products.
The ioTStash is a collection of all the best resources and products related to the Internet of Things.
Discover the Internet of Things and beyond.