Is technology advancing and evolving faster than our collective mindset? It’s an interesting thought, and perhaps easy to confirm when you start considering connectivity. Today, we have the Internet of Things, and we enjoy the hyper-connectivity it provides if only we can get ourselves to trust it. Our security technology is lagging behind, so how do we enhance trust in connected things?
The fact is that our security technology has many failings, and IoT can make it even easier and devastating to get compromised, as it connects the physical and digital world. Fortunately, there are means to enhance our trust in IoT and make its use safer for everyone.
The first thing that needs to happen is increased security on the technical level. That means we need to come up with ways to reliably verify which user has access to what information on various devices, among other things. One of the many advantages of connecting your devices is that you can affect their state from anywhere — but so can anyone else if they penetrate your security measures. So, we need to review those security measures, come up with better ones and test them extensively against any possible threat.
A lot of the burden of responsibility will have to fall on the device itself. As many connected devices can be used in so many different ways, each needs to have a measure of self-defense already included with all its other features. That ensures the simplicity of function for the end user, while also helping them understand the integrity of their connected devices.
Manufacturers, laboratories and developers need to become as transparent as possible about security and their efforts to enhance it. They need to be able to answer user questions such as how their information is protected in different cases, how IoT devices can defend against malwares or what proof these claims to be true. The manufacturers and developers need to build secure software and hardware solutions and be able to guarantee for their security.
In this climate, the reputation of a manufacturer could become one of the most important parameters when it comes to customers deciding on where they want to buy their devices. And we will have to rely on it as a telling sign as to whether or not our information will be secure and our device networks uncompromised.
The whole subject of cybersecurity, especially concerning IoT, is still very much a gray area. We don’t have enough regulations to help people stay safe. As a user, you need to know who’s liable in case of breached security, and whether or not you can seek help from the manufacturer or a developer. In other words, trust in this context is all about reliance — whether or not you can rely on the device or its manufacturer to protect you. To be able to do that, any commitments, contracts, liabilities, etc. need to be regulated using legal means.
Human-Centric Trust Model
To summarize, what we need to enhance trust in connected things is a human-centric trust model based on technical, social and legal means. Well designed Security Certification & Assurance Frameworks combine all the three means together to provide a level of trust in connected devices. When it comes to cybersecurity, no technological advancement is too small.