I’m reading this article [romanian] about the need to secure IoT solutions. Vali’s concern is valid, and even if he’s not a specialist, or perhaps because he’s not a specialist is what makes his opinion relevant. However, I disagree. The IoT solutions need not be secured.
IoT solutions need to be built on secure grounds from the start. I am amazed about the number of breaches in IoT systems – I’m talking about those that we know about, and I’m talking about those that we don’t know about, which are the scariest. The ability to control one’s house, or detect if there’s someone on the premises, is scary. The problem?
The new wave of startups that do bold things when it comes to IoT. The mentality of a startup is to build the MVP – The Minimum Viable Product, and then roll with it. Yes, they have a solution fast, and they get it to work swell with three or four devices – not so much when you think about how many devices are out there to support. And there’s no standard. But their point is to create that MVP and sell it to an investor, who will pick it up and do the brunt of the work.
However, not all succeed, and they start selling it to consumers, and selling something to consumers is a whole different ball game. Youngsters hunting for fast bucks will decide that the MVP works on the consumers as well – and the faults of their systems are not obvious to the consumers because they are hard to prove by laymen. What does your accountant neighbor know about SSL? What do they know about certificates? About home system security? Nothing. So you can sell to consumers MVPs just because they are flashy – and people buy it because they like cool stuff.
Yes, that’s why IoT solutions must be a security solution first and foremost. MVPs should be built on secure grounds, but security is a boring topic and young guns prefer not to think about it. It’s easier not to. It’s easier to think that it’s just a detail.
Disclaimer: I work for an IoT solution, and learned these things the easy way: by building directly on secure grounds.