IoT Data Security: Challenges and Solutions Explored
What is IoT?
The Internet of Things (IoT) is a concept which describes a network of Internet-connected devices able to gather and exchange data. This can be an automobile built-in sensor, a networked camera, a heart monitor implant, an injectable ID chip for a farm animal, a remote control electrical outlet, etc.
IoT includes any device that can transfer data over a network. The concept of IoT enables communication between these items and other computing devices, such as cloud servers, computers, laptops, tablets and smartphones.
IoT technology can be found in many industries, including healthcare, energy, transportation, manufacturing, retail, precision agriculture, building management (creating a smart home), infrastructure management.
Gartner, the world’s leading IT research and advisory company, predicts that by 2020 the number of IoT devices will go beyond 24 billion, with businesses and governments being the biggest adopters of IoT solutions, because it is expected that IoT would help to significantly lower operating costs and increase productivity.
IoT allows users to remotely switch devices on and off, control temperature gauges and lightning, monitor and manage a home. Connected devices are now enabled to communicate with each other and exchange data with little or no human intervention. IoT makes life more fun, but at the same time it raises a wide range of data security and privacy issues.
IoT and data security
The amount of generated data is constantly growing, and database administrators are increasingly and inevitably challenged in terms of scalability and security. How should all these data be collected, categorized, processed, and regulated?
Protection of sensitive data has always been the primary concern among consumers and businesses as connected devices flood data centers with increasing volume of information. In many cases these devices lack protection at the software and infrastructure level. With great number of devices and environments in which they operate, there is no single standard for device-to-device authentication or how devices can securely connect to cloud services. With this in mind, companies realize the necessity to change their approach to how sensitive and regulated data is processed and protected.
Cyber attacks are also a very real threat. IoT devices open the way for hackers to penetrate connected vehicles, critical infrastructure, and even people’s homes.
IoT platforms use different kinds of sensors that measure movement, temperature, humidity, etc. The data obtained from the sensors must be sent to a cloud database once in a certain period of time. Databases must be highly available and fault tolerant. Once implementing security measures, you should also take into account the amount of dynamic resources that a security solution will utilize. DataSunrise Security Suite protects on-premises and cloud databases from unauthorized access and SQL injections, causing minimal effect on the database performance. It maintains a secure environment for functioning of IoT platforms with the help of scalable privacy policies and a self-learning mode that generates a list of safe intracompany transactions. DataSunrise is a multifunctional tool to handle and automate database security procedures that provide data masking, database firewall, activity monitoring, and data discovery capabilities in a single integrated solution.
Is the threat real?
The experiment, conducted by Chinese security researchers, revealed that it is possible to take remote control of a Tesla Model S from 12 miles away in both Parking and Driving Mode. After several months of in-depth research, the team was able to interfere with the CAN bus, the car’s controller area network that manages all electronically controlled features from indicators to brakes.
Hijacking the car’s CAN bus made it possible to remotely move the seats back and forth, trigger the indicators, wing mirrors, windscreen wipers, open the sunroof and even control the car’s brakes. To implement the attack it was required for the car to be connected to a malicious Wi-Fi hotspot set up by the researchers’ team, and it could only be triggered when the car’s web browser was used.
Researchers reported multiple vulnerabilities to Tesla. The company fixed the bug within 10 days, releasing an over-the-air software update, that addressed the potential security threat.
Conclusion
The growing number of connected devices multiplies the number of potential points of vulnerability and provides hackers with new ways of breaking into corporate databases. These potentially vulnerable devices can be easily exploited because by their design IoT devices are built with lightweight security, and being connected to the Internet also makes them highly susceptible to intrusion and attacks. In the era of IoT organizations are required to reevaluate and transform their approach to data security needs, so that they could figure out ways to store, process and manage the vast amounts of generated data and make sure that it is secure.