By: Brad Russell
Key value propositions for consumers around the smart home are noted as more security, more safety, and easy management of home solutions for communication and controls in the home. Really, the promise of the connected home hinges on the security, safety, and simplicity of protecting this advanced technology from being exploited to harm households.
In 2017, the connected home market has experienced an expansion of the kinds of attacks that have been increasing in recent years.
Attacks include:
Investment in data privacy and security by stakeholders in the consumer IoT ecosystem has never been greater. However, vulnerabilities still exist and are highlighted in the news regularly. Parks Associates research finds that nearly one-half of consumers cite strong data security and privacy concerns related to Internet-connected devices.
Security concerns can inhibit adoption for the mass of consumers who need more confidence in connected products. Whether security solutions are provided at the level of hardware, communication networks, control hubs, routers and gateways, or cloud platforms, these protections are vitally important to the success of IoT providers throughout the ecosystem.
Securing the connected home today is not as much a technological challenge as a product development, product management, and consumer behavior challenge. Current attacks largely focus on the low-hanging fruit of known vulnerabilities. Reliable security technologies and procedures are well-established for ensuring home network security, including best practices for securing routers and gateways, access management, data transport, and data storage at the local and cloud levels.
Many enterprise-grade processes that have been worked out over the years are being deployed in the home. Having product manufacturers and consumers adhere to recommended best practices appears hit-or-miss and future attack strategies require new solutions within IoT security architecture that is flexible and scalable.
Security and privacy planning is critical to the product development process. Tough decisions abound around the degree of investment into security-related strategy, hardware design, application design, networking protocol selection, platform build-or-buy strategy, integration with third-parties, cloud transfer and storage, and product testing.
Ultimately, the business model and company culture of the manufacturer serve as the foundation for these decisions. A focus on one-off sales of value-tiered devices produces minimally viable products that are a security threat to both the homeowner and the broader IoT ecosystem. On the other hand, deep investment in security by design and comprehensive support throughout the product lifecycle requires a business model that can offset these costs and still provide sufficient return on investment. A trade-off between cost and time-to-market also challenges companies throughout security planning and product testing. The consumer IoT market has seen startups and established manufacturers rush to ship connected products without sufficient knowledge of security threats or adequate plans for how long the product will live.
Another challenge resides in planning for the relationship map of a device and its data to an end customer. The enterprise segment typically has clear management of the user relationship to data, while the connected home provides complex challenges regarding mapping multiple users and their data to devices. This creates access problems and work streams with which many product manufacturers have little experience.