One of the Biggest Security Problems Smart Product Developers Are Missing
If the TV network that brought fire-spitting, flying dragons to life can get hacked, so can your product. For companies, that should be one of the takeaways from the recent headlines about the data hack of HBO, which has resulted in confidential leaks from hit shows like “Game of Thrones.”
One would think that, with all the previous high-profile data thefts from entertainment industry goliaths such as Sony and Netflix, other businesses dealing with sensitive customer information would take the threat more seriously.
In the case of organizations building connected products, that’s not nearly the case, according to the recent Harvard Business Review Analytic Services report, “Bridging The Gap In Digital Product Design.”
In fact, less than a quarter (24%) of companies building smart products today say managing and securing the large amounts of customer data being gathered from sensors is a big challenge, according to the report. That means more than three-quarters of businesses creating connected devices may not be taking the risks of data management seriously.
“Consumers are right to be fearful of their privacy and whether or not companies are protecting their data,” says Jama Software’s Director of Security & IT, Philip Jenkins. “A lot of companies haven’t totally thought it through, and the capability isn’t always backed with strategy or intention.”
Creating A Plan
Aside from keeping up with the marketplace, one of the main benefits of developing connected products is having the ability to monitor how consumers are interacting with your creation in real time. Businesses can then analyze that data and make more targeted improvements for future product iterations.
If a company plans on collecting data through its smart product, one of the first steps should be devising a plan for doing so. Deciding what information to gather, where it will be stored, and how it will be secured are all topics that should be explored as part of this process.
Otherwise, indiscriminately collecting customer information and letting it sit somewhere like a database creates a liability for both your customers and your business. After all, an amassed trove of consumer information is gold to hackers. They could turn around and sell it to a competitor, charge a ransom for its return, or just dump it onto the internet, resulting in a public relations nightmare.
For businesses creating smart products, particularly those new to the process, all it takes is one security blind spot to open the company up to a breach. And, given the complexities of today’s products and the speed at which technology is progressing, no company dealing with user data is completely immune right now. Consider, for instance, that the wildly popular photo-sharing service Instagram, which is owned by Facebook, recently discovered a bug in its API that allowed hackers to access contact information for millions of accounts, allegedly including those of celebrity users like Beyoncé, Taylor Swift, and Selena Gomez, according to The Verge.
Threats to data security not only include team members, processes, products, and other facets of your organization, but also any third parties you’re entrusting with critical information. The Netflix hack, for example, occurred after someone had been scanning the web for computers running outdated versions of Windows software, and discovered one at a partner production company of the streaming giant, reported Variety.
Since it’s still pretty early in the onset of connected products, how companies gathering data are tackling these issues is very much being worked out in real time.
Lessons from the Auto Industry
Sometimes, the risk of a security breach can extend well beyond data. The automobile industry, for instance, has been a leader in integrating connected software into new vehicles, but not without some serious speed bumps.
In 2015, Fiat Chrysler Automobiles (FCA) recalled 1.4 million vehicles due to a software vulnerability that allowed hackers to wirelessly break into automobiles and remotely control them, according to Computerworld. For its part, Fiat Chrysler issued a software patch to fix the hole, but it had to be downloaded to a USB drive, then plugged into a vehicle and uploaded.
An alternative solution for smart vehicle security looks to be software over-the-air (OTA) upgrades — which happen wirelessly, much like smartphone software updates. Several smart car automakers are moving to this option to save recall costs and reduce security risks, but it’s not without its issues either, such as the loss of revenue to car dealerships over repairs or customers voluntarily opting out of software upgrades in general. And, as the demand for technology like autonomous driving expands in the auto industry, cybersecurity issues will only play a bigger role.
Getting a Handle on Data Security
Smart vehicles aside, OTA upgrades can also be deployed to the firmware or software of other connected devices, resulting in benefits like a standardized upgrade process across products and faster time-to-market updates. Still, there needs to be a quick, easy, and secure way to run OTA upgrades, and businesses are still working on that process.
Another thing companies can do to get out in front of smart product security concerns is have their hardware and software engineers work more closely together. Integrating hardware and software teams creates a better chance that the connected products being built are safer and more secure.
And if there’s even one positive thing to come out of a hack of a well-known industry leader like HBO or Instagram, it’s serving as an alarm to other businesses. Unfortunately, in many cases, the organizations most concerned with these threats are the ones that have already dealt with the consequences.
Get a deeper look into the security issues companies developing connected products are facing, as well as the advice offered from leading industry experts, with our report, “Bridging The Gap In Digital Product Design.” The report also features insights from nearly 300 innovators from a variety of industries, including manufacturing, technology, healthcare, financial services, and more.
Kevin Smith | September 6, 2017
Originally published at www.jamasoftware.com on September 6, 2017.