IoT boom needs to be matched by security - report by Hannah Breeze
The risk of security breaches is higher than ever thanks to the boom in the Internet of Things (IoT) market, according to an industry group, which has published a list of guidelines on how to keep IoT kit secure.
The Online Trust Alliance (OTA) – whose members include Microsoft and Symantec – has published a lengthy list of principles to which IoT manufacturers and sellers should adhere in order to keep users safe and their information private.
"As consumers and businesses increasingly rely on IoT devices, the security and privacy risk is amplified," the group said in a report about the new framework of rules. "As a guiding principle, the framework has been developed to apply to all connected home and wearable products. Representing the input of nearly 100 participants, broad consensus is reflected in the framework.
"Security and privacy by design must be a priority from the onset of product development and be addressed holistically. It must be a forethought versus an afterthought, focusing on end-to-end security and privacy."
The framework comprises 23 points of advice which it believes IoT vendors should follow. The points cover a range of issues including making privacy policies readily available to users, disclosing personally identifiable data types, and ensuring that any third parties that receive user data agree to strict confidentiality terms.
It adds that manufacturers must have a breach response and consumer safety notification plan which is reviewed regularly and that the term and duration of data retention must be disclosed.
Craig Spiezle, OTA president, said the implementation of security practices must match the speed at which the IoT trend is booming.
"The rapid growth of the Internet of Things has accelerated the release of connected products, yet important capability gaps in privacy and security design remain as these devices become more and more a part of everyday life," he said. "For example, with a fitness tracker, does the user know who may be collecting and sharing their data?
"When you purchase a smart home, what is the long-term support strategy of patching devices after the warranty has expired? How do manufactures protect against intrusions into smart TVs and theft of data collected from device cameras and microphones? What is the collective impact on the smart grid or our first responders should large numbers of these devices be compromised at once?"