IoT Blog
IoT Blog

IoT Security in 2019: Policy Discussions Will Intensify, While New Solutions and Services Emerge

by Larry LeBlanc, Chief Engineer, Security
As organizations increasingly make the Internet of Things (IoT) a core element of their digital transformation strategies, vendors offering IoT solutions and customers deploying IoT applications are increasingly prioritizing the implementation of IoT security strategies that strengthen their defenses against the growing number of IoT cyber threats. For example, vendors are embracing Secure by Default strategies that make the most secure options the default settings in their solutions. In addition, customers are focusing more on adopting security best practices, including processes to make sure they regularly install software updates and patches, use stronger passwords on IoT devices and disable non-essential services and ports on IoT devices to minimize their attack surfaces. 

However, security is a journey, not a destination, and vendors and customers cannot relax when it comes to improving security. In 2019, we expect to see IoT vendors and customers, as well as policymakers and other stakeholders, move forward on this journey in two important ways.

Heated Discussions Regarding IoT Security Policies Increase

In 2018, governments accelerated their efforts to develop and roll out IoT security policies and standards. California passed the nation’s first state IoT cybersecurity law, the UK government issued new guidelines on IoT cybersecurity and the US National Institute of Standards and Technology published a draft interagency report on IoT cybersecurity standards

These government efforts, and expectations that there will be other new government IoT security initiatives in the future, are driving more discussion among IoT vendors, customers and policymakers of what IoT security policies governments should adopt and how these policies can and should be implemented and enforced. For example, we are already seeing very passionate discussions related to current and new proposed policies, and how these policies can best ensure the delivery of IoT device security updates, the implementation of IoT defense-in-depth, the adoption of IoT security best practices by users and the creation of a more resilient IoT.

While some may worry that these discussions will create widespread fear that leads to a slowdown in IoT growth, we believe it will have the opposite effect over the long term. Across the board, policymakers, vendors, customers and other stakeholders will recognize that an open discussion of the IoT’s security challenges will lead to better policies and standards. This in turn will increase all stakeholders’ confidence that we are building a secure foundation for the IoT, able to support its long-term growth.

The Rise of Innovative New IoT Security Solutions and Services

Even as IoT security policies – and attacks on IoT applications with weak security – continue, vendors will expand their approach to security beyond simply adopting Secure by Default strategies. This will include introducing innovative, IoT-specific security solutions and services that use advanced AI, cloud and other technologies to help customers prevent, detect and quickly recover from cyberattacks.

For example, expect to see the introduction of new IoT security-as-a-service offerings that simplify IoT security deployment and flexibility, eliminating complexity for customers’ IT teams while ensuring their IoT security systems are regularly and automatically updated in line with the latest updates. With these new IoT security-as-a-service offerings, enterprises will not just be better protected, but also be able to continue to drive rapid deployment of new IoT applications without sacrificing security in doing so.  

In addition to new services, new solutions will also emerge. In particular, expect to see new solutions that leverage artificial intelligence (AI) to identify abnormal IoT device or application behavior, enabling enterprises to respond faster and more effectively to attacks.

We have come a long way over the past couple of years in the IoT industry’s security journey, and I expect that new IoT security policies, services and solutions will help us advance even further in the coming year. 

As you move forward in your own IoT security journey, Start with Sierra. Our extensive IoT security knowledge and experience, as well as our AirLink® Management System, Octave™ device-to-cloud (D2C) data orchestration solution and other solutions and services can help you realize a more secure future in a connected world.