You may not be interested in the internet of things yet, but the internet of things is interested in you.

Cloud Security Alliance (CSA) is a global non-profit organization that shares information about the standards, best practices and proper education to help secure cloud computing. For nearly 10 years, CSA has helped an untold number of organizations around the world protect themselves from cybercriminals and become more productive by securely implementing cloud computing to transform their businesses. While cloud computing is what we are known for, we also research security issues in virtually any type of emerging technology, and we would like to share our perspectives on one of the most important trends changing our world: the internet of things (IoT).

An emerging technology

... IoT security will be an endless journey with no final destination.

The internet of things is such a broad formulation that it is a challenge to wrap one’s brain around it.  Putting computer chips into anything from clothes to airplanes and connecting them to the internet is such a vast concept that it is impossible to capture all the ways this will change the world for better or worse. What we do know is that we are moving full speed ahead, with “smart” meters, homes, buildings, cities — just about everything is being prefixed with “smart.”

Analyzing risk

At CSA, we are trying to attack the IoT problem from many angles. One angle is threat analysis. Some threats are fairly overt — we all understand the consequences of an autonomous vehicle that gets hacked. What about all the devices that are silently capturing massive amounts of information about you that you may want to be kept private?

Another angle is human-device interaction. Soon, people are going to be radically outnumbered by devices. In traditional security, one of our best tools is user awareness, but this seems less useful when one is no longer aware of where exactly the computers are. We know automation is crucial, but it also needs a system of checks and balances.

Still another angle to understand is the economics behind IoT. IoT devices run the cost spectrum from less than a penny to hundreds of millions of dollars. For extremely cheap IoT devices, security is most likely an externality, i.e. delivered from the cloud through the network.

Like most of cybersecurity, IoT security will be an endless journey with no final destination, and organizations like CSA are trying to map the terrain. Our hope is that all players in the IoT ecosystem are paying adequate attention to the problem and are active in securing all the things.