I have spent the last week in Santa Clara attending the IoT World conference hoping to see what was new and exciting in the world of IoT. After tracking this sector for a while now it has been interesting to see all the new platforms (512 and counting) and startups that have popped up.
While I found the keynotes a great window on possible new products by companies I did get a sense that security and privacy did not get the air time it deserves. I attended many of the security sessions and, while interesting, they were more focused on product plugs versus real discussions on how to design and build security into a product. It was more buy my product or platform and you will be secure. That is scary proposition especially when vendor generated standards are used as guideline for self assessment. Lets be clear folks, vendors have their best interest at heart not yours when it comes to security.
I was also troubled by vendors stating that if customers just pay more they can add security. This is the wrong view from an executive and security perspective. The right view, in my humble opinion, should be here is what we identified as the threat profile for our products and solutions and here is how we designed security and privacy into our products and services from day one. Oh and it did not significantly increase the price of the product!
I really wanted to tell some of the top brass that lawyers are attending ISO security standards meetings globally and are planning to use standards such as those in ISO/IEC SC 27 and IEC 62443 as the base line for controls that will be expected in IoT solutions. In the event of a compromise or data breach and the ensuing lawsuit, these same corporations will be held to task on how they meet these requirements and controls. So by all means keep working on your vendor association standards but realize the actual yardstick are the ISO/IEC standards.
On the more positive side of conference, I really liked that NASA is going out its way to make software freely available to community. The breadth of expertise that has gone into some of this software is quite remarkable. I was also really impressed with the Samsung Artik HW and platform and how far it has developed in a short time. It really is making its mark as a contender in IIoT, smart cities and power generation sectors. I even signed up for the developer program and plan to buy some of the dev boards so we can start evaluating this platform for some of our projects. Other notable things were the use of embedded tags and sensors on products, and how to test just about every component being designed and built. If you are in Santa Clara next year, I recommend that you attend the vendor exhibit for next year’s show to see all the development and new products. It would of been good to see Apple and other product companies show where they going in these areas but I will keep my fingers crossed for next year.