{"id":1627,"date":"2019-04-09T02:24:42","date_gmt":"2019-04-09T02:24:42","guid":{"rendered":"http:\/\/kusuaks7\/?p=1232"},"modified":"2023-07-21T15:58:39","modified_gmt":"2023-07-21T15:58:39","slug":"iot-security-a-simple-matter-of-common-sense-for-product-developers-and-investors","status":"publish","type":"post","link":"https:\/\/www.experfy.com\/blog\/iot\/iot-security-a-simple-matter-of-common-sense-for-product-developers-and-investors\/","title":{"rendered":"IoT Security: A simple matter of common sense for product developers and investors"},"content":{"rendered":"<h2>Security basics should be part of any MVP. Period<\/h2>\n<p>After almost 5 years (at least) of constant media coverage around IoT privacy invasions and security breaches, it is staggering to see some sectors of the tech industry apparently still struggling with those matters.<\/p>\n<p>For many analysts, it all boils down to costs; for others, to the limitations inherent to the size of some sensors and the amount of functionality which can be coded on them.<\/p>\n<p>Both aspects are obviously linked (more powerful chips cost more), but the situation is probably more complex and rooted in deeper problems.<\/p>\n<p>First of all, the security of any IoT product should be seen as a functionality, not an add-on, and treated as an inherent component of any use case. Basic security good practices will vary depending on the usage of the product but should be part of any MVP.<\/p>\n<p>So why is it not the case, with so many products?<\/p>\n<p>Let\u2019s eliminate the issue of costs first of all: Yes, security costs money, but when launching a product, every functionality does. The costs issue hides in reality a fundamental prioritization problem, and the perception by product developers that customers will value other functionalities more.\u00a0<a href=\"https:\/\/www.techrepublic.com\/article\/consumers-now-value-security-over-convenience-on-apps-and-devices-report-says\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"Research (opens in a new tab)\">Research<\/a>\u00a0has started to emerge over the past few years showing that, in fact, this is less and less the case.<\/p>\n<p>Rush-to-market is also often cited as a cause, but again that points more towards a prioritization failure. An insecure product should not be seen as a viable, market-ready product.<\/p>\n<p>This should not be seen as a side topic in cyber security conversations: The Internet of Things is becoming a cornerstone of the digital transformation in many domains. While some security breaches can be\u00a0<a href=\"https:\/\/www.washingtonpost.com\/news\/innovations\/wp\/2017\/07\/21\/how-a-fish-tank-helped-hack-a-casino\/?utm_term=.83b9b8193628\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">laughable<\/a>, others can have devastating consequences, for example in the\u00a0<a href=\"https:\/\/www.theguardian.com\/technology\/2017\/aug\/31\/hacking-risk-recall-pacemakers-patient-death-fears-fda-firmware-update\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"healthcare (opens in a new tab)\">healthcare<\/a>\u00a0industry.<\/p>\n<p>It is really the\u00a0<a href=\"https:\/\/corixpartners.com\/security-privacy-by-design-a-cultural-revolution-and-a-matter-of-corporate-social-responsibility-for-tech-firms\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"culture (opens in a new tab)\">culture<\/a>\u00a0of some sectors of the tech world which is under the spotlights here, and with it, the short-termism of some of its investors.<\/p>\n<p>Of course, failure to take this seriously and act can only lead to politicians and regulators involving themselves further to protect consumers and citizens. We highlighted it in a 2015\u00a0<a href=\"https:\/\/corixpartners.com\/wp-content\/uploads\/2015\/01\/Corix-Privacy-in-IoT-BigData-Cloud-2015.pdf\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"white paper (opens in a new tab)\">white paper<\/a>, and beyond the measures already triggered by GDPR where personal data is involved, this is now\u00a0<a href=\"https:\/\/www.welivesecurity.com\/2018\/10\/10\/california-outlaws-poor-default-passwords-connected-devices\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"starting (opens in a new tab)\">starting<\/a>\u00a0to happen across a broader spectrum of the tech landscape.<\/p>\n<p>Frankly, given the virulence and widespread nature of cyber threats, the need to take security seriously and embed it natively into IoT products should be seen as a simple matter of common sense for product developers and investors. Beyond good ethics, it has quite simply become a matter of\u00a0<a href=\"https:\/\/corixpartners.com\/cyber-security-governance-ethics\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"good business (opens in a new tab)\">good business<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>IoT security issues arise from ill-advised prioritization and the inherently short-term culture of the tech world. Security should be seen as a fundamental requirement for any IoT product&mdash;even MVPs. As the attitude of consumers and regulators shifts around those matters, it&#8217;s becoming a simple matter of good business. Frankly, given the&nbsp;virulence and widespread nature of cyber threats, the need to take security seriously and embed it natively into IoT products should be seen as a simple matter of common sense for product developers and investors.<\/p>\n","protected":false},"author":529,"featured_media":2457,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[195],"tags":[93],"ppma_author":[3178],"class_list":["post-1627","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-iot","tag-internet-of-things"],"authors":[{"term_id":3178,"user_id":529,"is_guest":0,"slug":"jean-christophe-gaillard","display_name":"Jean-Christophe Gaillard","avatar_url":"https:\/\/www.experfy.com\/blog\/wp-content\/uploads\/2020\/04\/medium_b55e5afa-fb86-428a-a054-3be0451df2a4-150x150.jpg","user_url":"https:\/\/www.corixpartners.com","last_name":"Gaillard","first_name":"Jean-Christophe","job_title":"","description":"Jean-Christophe Gaillard\u00a0is Managing Director and Founder at Corix Partners. He is also a Non-Executive Director with\u00a0<a href=\"https:\/\/www.stratasecurity.co.uk\/\">Strata Security Solutions<\/a>, a specialized cybersecurity firm. He has been co-president of the Cyber Security group of the\u00a0<a href=\"https:\/\/www.telecom-paristech.org\/\">Telecom Paris Tech alumni association<\/a>\u00a0since May 2016. He is the author of \u201c<a href=\"http:\/\/www.blurb.co.uk\/b\/9015902-cyber-security-the-lost-decade-2018-edition\" target=\"_blank\" rel=\"noopener\">Cyber Security: The Lost Decade<\/a>\u00a0\u2013 A Security Governance Handbook for the CISO and the CIO\u201d, He contributes regularly to\u00a0<a href=\"http:\/\/www.thedigitaltransformationpeople.com\/authors\/jc-gaillard\">The Digital Transformation People<\/a>,\u00a0<a href=\"http:\/\/www.business2community.com\/author\/jc-gaillard\">Business 2 Community<\/a>, and\u00a0<a href=\"https:\/\/www.iotforall.com\/\">IoTforAll<\/a>\u00a0platforms, as well as the\u00a0<a href=\"https:\/\/www.thebtn.tv\/\">Business Transformation Network<\/a>. He is an expert contributor on the\u00a0<a href=\"https:\/\/ciowatercooler.co.uk\/members\/jean-christophe-gaillard\/activity\/\">CIO Water Cooler<\/a>\u00a0and has previously published articles on\u00a0<a href=\"https:\/\/www.infosecurity-magazine.com\/opinions\/bridging-gap-security-it-operations\/\">InfoSecurity<\/a>\u00a0Magazine, \u00a0<a href=\"http:\/\/www.computing.co.uk\/ctg\/opinion\/2396800\/how-to-achieve-effective-cyber-security-in-a-hyperconnected-world\">Computing<\/a>, the C-Suite.co.uk,\u00a0<a href=\"http:\/\/www.informationsecuritybuzz.com\/?s=gaillard\">Info Sec Buzz<\/a>\u00a0and the\u00a0<a href=\"http:\/\/www.director.co.uk\/blog-cyber-insurance-what-do-you-think-youre-buying-20323\/\">IoD Director<\/a>\u00a0websites."}],"_links":{"self":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1627","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/users\/529"}],"replies":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/comments?post=1627"}],"version-history":[{"count":2,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1627\/revisions"}],"predecessor-version":[{"id":29517,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/posts\/1627\/revisions\/29517"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media\/2457"}],"wp:attachment":[{"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/media?parent=1627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/categories?post=1627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/tags?post=1627"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.experfy.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=1627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}