Using the IoT to Bolster Operational Security

0

As the nascent Internet of Things enters its adolescence, it stands to prove transformational across entire industries, but it’s already possible to implement IoT technology to great effect if the circumstances justify the early adoption. One area that certainly justifies it is security: more than ever before (following various high-profile cases of data theft), there’s great reason to be concerned about the safety and privacy of business data.

Using the IoT, a forward-thinking business can greatly reinforce its security procedures without markedly decreasing convenience — in fact, you may see an increase in convenience in some areas. But how does this work? What specifically does the IoT help with?

Let’s find out. Here are some essential things that IoT tech can bring to operational security, along with a notable point of caution about implementation:

Convenient multi-factor authentication

Authentication gets more important the larger an operation becomes and the more moving parts it requires. On a frequent basis, users must be identified (and have their access levels gauged), and products must be confirmed as genuine.

Traditionally, this has mostly been done manually — when an employee lacks the expertise to verify something, they must pass the matter up the managerial chain until it reaches someone with sufficient authority. This takes time and effort that would be better used elsewhere.

Through bringing together biometrics, chips with unique identifiers, and decentralized records, the IoT can enable complex multi-factor authentication. To verify a user’s identity, for instance, it can use a fingerprint reading, a voice scan, and a password. Per Tencent’s recent research, this technology is still far from foolproof, but it’s getting better all the time. 

Think about the level of security that’s now almost mandatory for financial services (e.g. full internal GDPR compliance, adhere to PCI standards across the board, and risk teams assembled to prevent fraud), and envision that encompassing every form of device or system interaction. Will that be overkill in most situations? Absolutely, but the point is that it can easily scale to that level if needed — all without expanding the manual work required (past the design and production stage, at least).

Cloud-supported video monitoring

Depending on the exact nature of your business, you may have numerous parts of your operation that you would like to monitor closely if possible. You may have part-time employees working around high-value items, for instance, or find that a certain part of your operation isn’t making progress as efficiently as it should.

Before the cloud came along, video monitoring could be very inconvenient. Data storage would be bulky and require you to manually swap out tapes when needed — plus the tapes would be vulnerable to local access and manipulation.

With cloud-based storage, though, video footage can be seamlessly streamed to secure servers elsewhere in the world. This also makes monitoring equipment easier to deploy, and thus easier to justify. Instead of having to deal with permanent installations, you can simply configure wireless cameras when you need them and move them afterwards.

Sophisticated geo-tracking

Geo-tracking certainly isn’t new, but it’s still far from reaching its potential for business. It’s often vague, limited, inconsistent, and difficult to access when you most need it (barring notable exceptions such as “Find my Phone”-style emergency theft features). This is something that the IoT will change.

Through a combination of GPS information, mobile data signals, Wi-Fi networks, RFID tags, and Bluetooth connections (to name just some viable factors), it’s possible to clearly and accurately track the location of a product even when individual data points are lost. The goal is essentially to create a system that’s not only automated but also adaptive — healing itself when damage is detected.

Why is this useful for security? Well, when you have something moving through an extended supply chain, you need guaranteed consistency. It costs no small amount of money to take a concept and turn it into a practical reality, and even if a product drops off the grid for just a small amount of time, it invites reasonable concerns about fraud.

Think about top-end paintings. With adequate tracking (combined with all these other points), they wouldn’t need dedicated art appraisers to verify their legitimacy, saving money and time. And if any damage occurred, it would be easy to tell at which point in the distribution chain it took place, making it simple to attribute responsibility.

Varied lines of communication

Regardless of how much of your operation becomes automated, communication will still be of critical importance. In fact, given the rise of remote working in a time when it doesn’t always matter where a business is actually located, it’s essential to be able to follow along with what workers are doing — no matter where they are in the world.

For instance, suppose that someone in possession of an expensive piece of equipment seems to disappear at a very inconvenient time: what can be done about it? Previously, you could call them repeatedly and send them some messages. With the IoT, you can do more.

If you had an employee working on a mission-critical task, you could tag everything they had with them. If you were unable to reach them, you could glean their location using GPS technology, find a nearby business, and send a message there to intercept them.

And when they needed to give a full account of the situation, they could do so using their phone, or a smartwatch, or any other suitable device. Having vastly-expanded communication possibilities simply makes everything easier and more reliable.

The associated security risks of IoT devices

At the moment, one of the biggest issues with the prospect of the IoT becoming mainstream is that every introduction of an IoT-enabled device creates a fresh point of vulnerability. If you have 100 electronic devices set to network seamlessly, it only takes one of them being susceptible to hacking for the entire network to be compromised.

Before the IoT can reach its potential for providing security, its internal systems must themselves be fully secured. This will require regular updating, rapid bug-fixing, and smart hardware design to make it prohibitively difficult to locally tamper with a device (and/or next to impossible for an altered device to connect to a secure network).

Is this impossible? No, far from it. Huge strides are being made in addressing the basic security issues with first-generation IoT devices (Wired has a great piece on this), and if progress continues to be made, then IoT can certainly become the bedrock of a new style of operational security — and we can expect this to happen within the next decade, likely with the addition of a formal IoT security standard.

Through automatically connecting entities — products, companies, locations, and other things besides — the IoT can greatly improve operational security: saving time, expanding communication possibilities, and making strong authentication simple. It isn’t quite ready yet (which is to say that we’re not ready to use it fully), but it will be soon.