On Cybersecurity: Match IoT Security with the Threat
If you work for a tech startup with ambitions to sell internet-enabled things and services, you probably pause once you finish the prototyping stage. This pause can easily transform into a pregnant pause once you engage with leading hardware providers. Although you may be able to use the same connectivity provider in your early and late stages of development, it is unlikely that you will use the same board, due to certification requirements. And today’s manufacturers of certified boards charge a heavy, hidden fee: they require you to subscribe to their platform in order to access your sensor data.
When you purchase a laptop, it generally prompts you to secure the laptop with a password. For most people, this service is welcome and forms part of a seamless user experience. Now, imagine a world in which, when you purchased your laptop, the seller required you to log in to their platform in order to access the data generated on your laptop. It’s akin to purchasing a Google laptop and being required to host all of your data on Google’s servers! Crazy, huh? Thankfully, that is not the case for our laptops.
Unfortunately, a pernicious vendor lock-in is the reality for many IoT startups, all in the name of cybersecurity. Manufacturers and connectivity providers claim that we must go through their platforms for data encryption purposes. Don’t be fooled by this seemingly benign gesture. Production-grade security is easily within reach.
Companies such as PubNub or Pusher offer full end-to-end encryption using TLS/SSL and AES. As of the time of this article, you can use all features of PubNub for FREE forever for up to 100 devices and up to 1M messages per month. This plan also includes standard support. Firms like MobiCycle could be freed from a perpetual reliance on hardware manufacturers to access our client’s data, if only there were manufacturers willing to sell us just the device.
That is not to say that there are no use cases for which relying on the device provider for both device-level and data-level encryption is the better option. The first concern, however, should be to match the device’s security to the threat level. For many of us not collecting personally identifiable data, the PubNubs of the world will suffice.