Understanding IoT security requirements

The power of objects in the Internet of Things (IoT) to change the state of environments will likely prompt chief information security officers (CISOs) to redefine the scope of their efforts beyond current responsibilities.

According to Gartner, IoT security requirements will “reshape and expand” over half of all global enterprise IT security programs by 2020 due to changes in supported platform and service scale, diversity and function.

“The IoT is redrawing the lines of IT responsibilities for the enterprise,” explained Earl Perkins, research vice president at Gartner. “IoT objects possess the ability to change the state of the environment around them, or even their own state; for example, by raising the temperature of a room automatically once a sensor has determined it is too cold or by adjusting the flow of fluids to a patient in a hospital bed based on information about the patient’s medical records. Securing the IoT expands the responsibility of the traditional IT security practice with every new identifying, sensing and communicating device that is added for each new business use case.”

To be sure, traditional “information” technology is now being supplemented by purpose-built, industry-specific technologies that are defined by where and how that technology is used and what function it delivers. Simply put, information remains a critical deliverable and is the fuel for IoT devices. The device’s ability to identify itself (such as RFID tags that identify cargo), sense the environment (such as temperature and pressure sensors) or communicate (such as devices in ocean buoys that transmit environmental changes to the areas around them) requires information to be generated, communicated and/or used.

Although traditional IT infrastructure is capable of many of these tasks, functions that are delivered as purpose-built platforms using embedded technology, sensors and machine-to-machine (M2M) communications for specific business use cases signal a major change in the traditional concept of IT and the concept of securing IT.

“This is an inflection point for security. CISOs will need to deconstruct current principles of IT security in the enterprise by re-evaluating practices and processes in light of the IoT impact. Real-time, event-driven applications and nonstandard protocols will require changes to application testing, vulnerability, identity and access management (IAM) — the list goes on,” said Perkins.

“Handling network scale, data transfer methods and memory usage differences will also require changes. Governance, management and operations of security functions will need to change to accommodate expanded responsibilities, similar to the ways that bring your own device (BYOD), mobile and cloud computing delivery have required changes — but on a much larger scale and in greater breadth.”

Although the business use cases being identified daily are indeed innovative and new, the technologies and services that deliver them seldom are, and they are rarely uniform in architecture and design. Each use case risk profile has specific requirements that may result in the use of old platform and service architecture with a new technology “overlay” to improve performance and control.

“This represents an interesting challenge for CISOs when delivering secure services for the IoT,” Perkins continued. “In some cases, it may be a ‘past is future’ exercise in evaluating mainframe, client/server, Web, cloud and mobile security options as part of an overall IoT business use case. Even out-of-maintenance systems such as Windows XP may still play a critical role for some industry infrastructure as part of an IoT security system. Security planners should not throw away their old security technology manuals just yet.”

In addition, says Perkins, CISOs should not automatically assume that existing security technologies and services must be replaced. Rather, they should evaluate the potential of integrating new security solutions with old. Simply put, many traditional security product and service providers are already expanding their existing portfolios to incorporate basic support for embedded systems and M2M communications, including support for communications protocols, application security and IAM requirements that are specific to the IoT.

According to Perkins, CISOs should resist the temptation to overthink security planning while patterns and solutions are still emerging. Rather, they should start small and develop initial security projects based on specific IoT interactions within specific business use cases. CISOs can build on these use case experiences to develop common security deployment scenarios, core architectural foundations and competency centers for the future.

“The requirements for securing the IoT will be complex, forcing CISOs to use a blend of approaches from mobile and cloud architectures, combined with industrial control, automation and physical security,” he concluded. “Fortunately, many of the security requirements for the IoT will look familiar to the CISO. The technologies and services that have been used for decades to secure different eras of computing are still applicable in most cases.”

Interested in learning more about the IoT? You can check out Atmel’s recent IoT SoMa panel on the subject here, Patrick Sullivan’s EELive! 2014 presentation and our extensive Bits & Pieces IoT article archive here.

Sullivan says the IoT is becoming a reality



Patrick Sullivan, VP of Marketing at Atmel’s MCU Business Unit, hosted an Internet of Things (IoT) Engineering Summit co-sponsored by Xively at EE Live! 2014.

Essentially, the Internet of Things (IoT) refers to a future world where all types of electronic devices link to each other via the Internet. In 2009, there were 2.5 billion connected devices; most of these were mobile phones, PCs and tablets. By 2020, there will be over 30 billion connected devices of far greater variety.

“IoT is definitely a mega-trend in our industry. Everyone is talking about the IoT, it is everywhere,” said Sullivan. “That is why numerous companies are working to set up specific business units to manage various aspects of the Internet of Things.”

However, Sullivan noted that while the IoT is well on its way to becoming a reality, only a minority of devices are currently connected to the Internet.

“The IoT is still in a relatively nascent stage. Nevertheless, the Internet of Things will quickly evolve as it becomes a particularly explosive market. Security and privacy are going to be especially critical for the IoT, specifically when it comes to wearables,” Sullivan explained.

“Similarly, managing IoT-related Big Data will be another challenge for the industry. How does one efficiently store, process, track and analyze terabytes of real-time streaming data – all while tailoring the information for a specific individual? Companies that figure out that formula, namely making IoT data useful and easily accessible for the non-technical masses, will be successful.”

In addition to monitoring exercise stats, wearables like smartwatches or pendants can be used to improve the health of individuals, no matter what their age or level of physical fitness.

“Health insurance companies can leverage wearables such as fitness trackers to monitor individual health in real-time, with healthy lifestyles helping to drive down premiums. Obviously, such devices must be easy to use and comfortable to wear,” he noted.

“Health-based wearables can also help doctors more easily monitor and analyze a patient’s blood sugar, heart rates, sleep patterns, exercise and daily activities.”

Smart energy platforms were another topic Sullivan discussed, as designing an efficient, connected grid will go a long way in helping to reduce waste in residential and commercial buildings.

“Pumps, gas-lines and related infrastructure will ultimately be connected to the IoT, helping utility companies to pinpoint issues before they become a real problem for people,” Sullivan added.

“We’ll be seeing the very same approach when it comes to next-gen vehicles, as both cars and trucks roll out of the factories loaded with advanced sensors to help alleviate traffic and significantly reduce accidents, whether on a crowded city street or fast highway. For example, your car will tell you, perhaps via a HUD (heads-up display) when a specific route is jammed and automatically choose another route. Your car will also talk to other vehicles, helping to avoid collisions.”

Last, but certainly not least, Sullivan talked about the automated IoT home, which, in the not too distant future, will be protected by smart locks, cleaned by intelligent vacuum cleaners and filled with connected appliances such as intelligent lighting and thermostats, washing machines, refrigerators, coffee makers and ovens.

“The IoT will play a big part in connected homes, providing instant market intelligence to companies and remotely alerting users when their refrigerators are empty, clothes are clean, coffee is hot, food is ready, house is too cold and room is too dim,” he concluded.

Interested in learning more about the IoT? You can check out Atmel’s recent IoT SoMa panel on the subject here and our extensive Bits & Pieces IoT article archive here.