The rate at which mobile devices are proliferating is staggering. According
to a recent white paper by Harbor Research, there are approximately 2.8 billion
mobile phones in use today, with 1.6 million new ones added every day. And that's
just phones. Analysts tell us within 15 years, the Internet will need to accommodate
over one trillion (with a T) non-PC devices.
Whether you call this phenomenon "the network of devices" or "the
Internet of things," the underlying message is the same. Connectivity now
encompasses everything from TVs and cell phones to cars, medical devices, networking
equipment, environmental controls, industrial sensors, aircraft and everything
in between. Everything connected...ahh, how nice. Well, maybe not.
Swift consumer adoption is driving mobile market growth, but it is also increasing
complexity and security risks. Managing the personal and enterprise interface
with the Internet is becoming tremendously more complex due to the number and
diversity of devices connecting to it, and the new types of content we're sending
across the Web. These days, non-PC devices connected to the network are exposed,
from day one, to advanced polymorphic malware and viruses that can infiltrate
a device without the user ever knowing it.
Everyone agrees that security is a big concern, but who's accountable after
a security breach? Is it the consumer who inadvertently downloaded a virus?
Is it the device manufacturer who didnt bother to build device security
into the product from the start? Or, is it the fault of the service provider
or carrier whose network the data moved across?
Unfortunately, when it comes to security, the "connected devices"
industry has not outlined a best practices approach. That's probably because
of all the devices that connect to the Internet, only workstations and cell
phones are really represented, as classes, by manufacturing consortia. That
means security design decisions are typically made on an ad-hoc basis and different
approaches are used for different products. Sadly, security is often added into
devices only after a high-profile breach gets splashed across the Internet.
I'd posit that device manufacturers have perhaps the most responsibility --
and the most control -- over the security of their devices. They also have the
most to lose if they get it wrong. Customers experiencing problems call the
company whose logo is on the device, regardless of who wrote the software running
on it. So when devices suffer security problems, support calls increase, devices
get shipped back for troubleshooting, and device manufacturers get stuck with
Unfortunately, many device manufacturers have an incomplete security approach
or refuse to acknowledge that it is "their problem" at all. Designing
and budgeting for security at the right time, early in the product design cycle,
is often viewed as unnecessary by manufacturers. However, this stance is shortsighted
when the cost of supporting a device over its entire useful life is taken into
consideration. The damage to customer confidence and brand equity caused by
devices that are compromised is substantial. Additionally, security breaches
through incomplete device defenses routinely impact shareholder value for device
manufacturers -- just take a look at the news.
Device security isn't easy for manufacturers. Most security packages are designed
for PCs, not devices, and common security protocols like SSH and SSL can be
difficult to squeeze into the small memory and processor environments of many
devices and controllers. Casually implemented security on devices can deliver
big performance hits and eat through valuable battery life. But good, fast,
small security solutions specifically designed for embedded device environments
are out there.
The embedded device manufacturer's approach to security affects service providers
and enterprises as well. Service providers consistently strive to deliver first-class
consumer experiences, and the potential for compromised devices connecting to
their networks (and spreading infections) represents a substantial exposure.
Service providers, carriers and service provider vendors such as Google, Apple
and AT&T want to be able to offer enhanced, revenue-generating services
that enable people to transact and consume valuable content online. If theres
a loss of confidence in the devices ability to leverage those services,
people will switch platforms -- or providers -- instantly. For commercial concerns,
improperly secured devices pose significant risk to the entire enterprise, with
huge negative implications for customers, partners, and ultimately shareholders.
To address the device security challenge and maximize the potential of "the
Internet of things,"everyone -- device manufacturers, service providers
and enterprises -- must assume responsibility for security. And we must recognize
the need to centralize and standardize how device security is dealt with on
all devices, wired or wireless. We need to take a more holistic security approach
and apply an extensible framework that secures all aspects of device data access
and communication. Securing devices is an industry imperative -- doing it the
right way will pay for itself multiple times over in our increasingly connected
About the Author
Adrian Turner has more than 15 years of international business experience. Prior to founding Mocana, Turner was responsible for West Coast Business Development and Alliances for Kenamea, an enterprise communication firm specializing in reliable, secure communications. He also had P&L responsibility for developing infrastructure to support Philips Electronics' (NYSE:PHG) connected consumer and business devices. Prior to that in 1996, Turner launched the world's first network of 225 coin-operated Internet kiosks in the Australian market.
Turner holds a business degree in Marketing and Finance from the University of Technology in Sydney, Australia, and has completed the Executive Program for Managing Growth Companies at Stanford University. Turner is also Vice Chairman of Australia's leading international expatriate network, Advance (http://www.advance.org/).
Mocana securely enables Internet-scale applications and services for connected devices. Mocana's industry-leading infrastructure software solutions ensure that wired and wireless devices, networks, and services perform and scale with the utmost security—a necessary foundation for a networked society. Customers include Philips, Dell, Cisco, Nortel Networks, and Honeywell among others.
Winner of the 2008 Frost & Sullivan Technology Innovation of the Year and 2008 Red Herring 100 Top Tech Startups in North America awards, Mocana was founded in 2004, is privately-held, and is headquartered in San Francisco, California. For more information, visit www.mocana.com/evaluate.html.