With billions of IoT devices deployed and used by consumers, enterprises and authorities, it is no wonder IoT security is high on everyone’s agenda. But to date, very few IoT security solutions have been widely deployed, and we are certainly far from reaching mass market adoption the equivalent of IT security.
We previously touched upon the subject of IoT security myths that affect adoption, but through our discussions with customers and analysts, we have identified seven additional reasons for this, including:
- IoT Security awareness is lacking
While the overall awareness of IoT and its perils is reasonably high, there is a general misconception that IoT risks are limited to botnets and widescale attacks alone. The Mirai botnet certainly raised the profile of IoT security, but botnets are far from the only type of threat emanating from insecure IoT. Privacy violation, extortion, physical damage, and the draining of computing resources are just a few of the additional threats that come to mind, and until decision-makers internalize this, it will be harder to persuade them to invest in proper security.
- Lack of clear use cases and success stories for IoT Security
Nobody wants to be the first to test a solution, and without a clear understanding of how the solution is applicable to one’s business, it is hard to consider adopting it. With IoT security solution success stories few and far between, it is not surprising that decision makers find it hard to envision how such solutions will impact their own business.
In traditional IT, it is clear that consumers need to maintain the security of their data online and at home, and corporations are aware that they need to secure their employees’ and clients’ data. However, when it comes to IoT security, the general rule seems to be “every man for himself”; consumers are told to ensure robust passwords or even deploy home security solutions, and enterprises are encouraged to install IIoT/ E-IoT solutions, all under the notion that IoT Service providers are unable to provide decent security levels. With this mindset, it’s no wonder that IoT providers are delaying the decision to invest in security until regulators, customers or shareholders mandate that they do so.
- Deployment cost
IoT deployments are very cost-sensitive. Devices are built from generic components with cost savings in mind, and are deployed by field technicians with no particular IoT or security training. This is done to keep costs low and reduce the overall price for consumers / end users. This focus on affordability also means that IoT security solutions must not incur additional costs on the devices or deployment. Recalling devices in order to deploy a hardware security solution is out of the question, and so is installing expensive software products on edge devices and gateways.
- Operating costs
Service providers and enterprises who deploy IoT security solutions are also concerned about operational costs, which can increase the overall cost of service for end users. These costs can include recurring licenses, expensive manpower, the need for fixes and patches, and investments in training and maintenance.
- Operational concerns
Deployed IoT devices are, by default, in production mode. It is inconceivable to hamper performance in order to deploy security solutions. Likewise, it is unacceptable to expect any degradation in the quality of services associated with security, be it slower performance, downtime or bugs.
- Lack of skilled manpower
The IT security world currently has about a million fewer security professionals than it needs. It is hard even to estimate how large the demand is for IoT security pros. It is unlikely that this gap will be filled soon, if ever, and companies are concerned that security solutions will not function properly without skilled manpower to operate them.
There is clearly a disconnect between how customers perceive IoT security risk, challenges and benefits, and how the industry is addressing them.We at SecuriThings have done our utmost to create a security solution that is frictionless and requires little customer oversight, yet delivers real security benefits. To learn more about SecuriThings’ iSOC- the world’s first fully managed service for securing IoT solutions, please contact us at [email protected].