The potential of connected devices, or the Internet of Things, has at times been challenged by reports of security problems. But the Online Trust Alliance says the real problem is poor security policy.
Think the era of the Internet of Things (IoT) is problematic from a security perspective?
It might be, but those security problems aren’t all that different from the ones you’re already working through at your organization in other contexts.
That’s the take of the Online Trust Alliance, which argues that security issues posed by wearable devices and other connected tools are often avoidable with traditional strategies.
“In this rush to bring connected devices to market, security and privacy [are] often being overlooked,” OTA President and Executive Director Craig Spiezle said in a news release. “If businesses do not make a systemic change, we risk seeing the weaponization of these devices and an erosion of consumer confidence impacting the IoT industry on a whole due to their security and privacy shortcomings.”
OTA, which began working on an IoT Trust Framework last year, conducted research on security incidents involving connected devices, analyzed whether relying on the framework would have prevented a security incident, and then combined research to inform its point of view on the issue, which it revealed this week as part of its “IoT Trust Framework Resource Guide.”
Among the issues that OTA found common with IoT security breaches were poor credential management, a lack of security testing, a lack of transparency around data collection, and a lack of planning for addressing vulnerabilities.
“Security starts from product development through launch and beyond, but during our observations we found that an alarming number of IoT devices failed to anticipate the need of ongoing product support,” Spiezle said.
The group developed its IoT Trust Framework, released in March, with the help of a number of major companies, including Microsoft, ADT, and American Greetings, along with the National Association of Realtors.