Staggering estimations of the increasing number of IoT devices connected each year raise valid concerns about security and privacy issues. Though IoT technology is relatively new, high-profile IoT security breaches associated with the Mirai botnet and Amazon's Ring doorbell have splashed headlines. These incidents have enterprises, individuals and experts alike alert to IoT's security shortcomings.
All eyes are on developers now, said Jessica Groopman, analyst and founder of Kaleido Insights. They must be more security-aware than ever and bake security in during the early stages of product development to prevent another Mirai -- or worse.
"There is a trend around organizations trying to be more proactive about security. We will continue to see this in a number of different directions -- at the product level, at the program level, at the employee and talent acquisition level," Groopman said.
Ecosystem partnerships are a significant driver of recent IoT security-by-design efforts. "We're starting to see companies like Amazon, for example, that are requiring companies that want to integrate their hardware into the Alexa ecosystem to have X, Y and Z security features enabled," Groopman added.
Because of Amazon's ubiquity, other organizations are incentivized to bolster IoT security efforts in order to integrate. It is also in companies' best interests -- especially if they want to avoid noncompliance penalties -- due to industry anticipation of future IoT security government regulation.
Editor's note: The following transcript has been lightly edited for clarity and brevity.
IoT devices, once a sci-fi phenomenon, are in the hands, pockets and homes of millions of people worldwide. As with any technology, there's the question of its future and implications on society -- IoT security especially.
Gartner research suggested the enterprise and automotive IoT market will reach 5.8 billion endpoints in 2020, a 21% increase from 2019. This increase of IoT device implementation will be met with an increase in regulatory efforts, too.
For this reason, we can expect companies to get more proactive about IoT security by design, said Jessica Groopman.
Jessica Groopman: We're already seeing that. GDPR is a good example of requiring certain privacy and security-by-design features or principles into product development. Now, how much of that will be enforced? That remains to be seen.
Amazon, for example, requires companies that wish to integrate with Alexa to have certain security features enabled.
Groopman: This kind of influence on the market is just one example of companies trying to be more proactive. Or, if they're ecosystem players, such as a giant like Amazon, trying to influence the broader ecosystem to be more proactive and more secure.
Look out for advancements in edge computing as well. This local processing of data has big security implications -- especially since data is not necessarily sent back to the cloud.
Expect growth in the smartphone and healthcare technology IoT sectors, both of which handle extensive amounts of personal data and use biometrics. How to safeguard that information will be a big security focus going forward.
Is there reason to be optimistic about the future of IoT security? Groopman hesitated to say yes.
Groopman: Where I am pessimistic today is in how organizations have come to deploy IoT with security and privacy as an afterthought. Things that I am most optimistic in are the next generation -- digital native's awareness, comfort, understanding, lower tolerance for irresponsible use of technology. So, when I look at the next generation, that is the source of optimism for me.
Only time will tell whether IoT security will drastically improve. But one thing is for sure: IoT innovation is not going anywhere. Ensuring we have security-aware companies and consumers will be critical to the getting the most out of this technology.