Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now



Internet of Things: Mitigating risk

“There is a growing consensus in the IT security industry that IoT devices may offer hackers a route onto a network”

Previously we revealed the need to be selective with IoT deployments to gain real benefits, before looking at the professional applications where IoT stands to be advantageous. David Davies concludes by considering the security concerns an abundance of access points could present.

Despite all the potential benefits, no one denies the profound security implications of IoT. As Mark Childerhouse, director of Pioneer Group observes, “if each and every peripheral device has its own IP address, each device becomes an access point and therefore a potential security liability which needs to be managed correctly.” But once that has been fully recognised it is possible to “respond to and manage these access points properly. There are lots more gaps to fill as the network has more potential liabilities, but mitigating risk often comes down to basics such as strong passwords and restricted access.”

Tony Crossley, special projects director at Pure AV, observes that “as traditional IT equipment becomes more secure, there is a growing consensus in the IT security industry that IoT devices may offer hackers a route onto a network. That’s why engagement with IT/network managers at an early stage is critical to ensure that the design developed is secure and able to meet the security standards of all stakeholders.”

For vendors and integrators alike, IoT is giving rise to a new sphere of services. Pure AV, says Crossley, has “started to offer free security reviews on networks for integrators to take to their end users, helping them to demonstrate where weak spots on their networks can be fixed and what needs to be considered moving forward. Specialist security services will certainly be required moving forward for AV integrators.”

“Security is a very hot potato,” says Joost Demarest is CTO of the KNX Association, “especially when communication cannot be protected against eavesdropping, as is the case for wireless communication and if connecting to the internet. If the latter is the case, then the manufacturer or the ecosystem has no choice but to provide sufficient protection mechanisms to avoid unwanted intrusion. Unquestionably, this increases the integration effort; the added value of the [required] security comes at a price.”

In terms of KNX, the Association has spent much time over the last few years working on a definition of a KNX-standardised IoT interface that will allow anyone wishing to tap into the data of a KNX installation to access an ecosystem-specific interface. Demarest says: “With this IoT interface, KNX will be able to grant access to its home and building automation data at installation level, rather than the level of products from one single manufacturer. More will be shown at the ISE and Light + Building shows early next year.”

“It could be that there ends up being an independent organisation to look at security standards and we all conform to the one approach”
Joost Demarest, KNX

Industry-wide it could be that there eventually needs to be an organisation devoted to IoT standardisation, with a particular emphasis on providing a baseline of operation and security for the conjunction of professional and consumer systems. “It could be that there ends up being an independent organisation to look at security standards and we all conform to the one approach. Or it could be that [standardisation emerges] from individual companies. It remains to be seen how it will all shake down, I think,” says Joe Andrulis, executive vice president of corporate development, Biamp Systems.

Solutions with IoT messaging
What is certain is that an increasing number of manufacturers are bringing solutions and services to market with explicit IoT messaging. Stijn Ooms, Crestron director of technology, points to Crestron’s XiO Cloud, which is the company’s unifying IoT-based platform for remotely provisioning, monitoring and managing Crestron devices across an enterprise or entire client base. Operating on a subscription model, the XiO Cloud supports direct device-to-cloud connection via the Microsoft Azure software IoT Hub without requiring any additional hardware.

Over at Biamp, Andrulis highlights developments such as its Beamtracking Microphones, which are designed for deployment with the Tesira platform and utilise AEC algorithms and beam-tracking technology to analyse the signals from each microphone element in order to determine the location of the contributor. This information is passed to the beamforming algorithm to tell it where to steer the polar pattern.

“We do see considerable opportunities around IoT in the conferencing sector,” confirms Andrulis, who also underlines the importance of “a very active two-way flow of information” with consultants and integrators during this period of great change across the industry: “We do meet regularly with those groups as well as end-users to help determine the kind of experiences that people require.”

Given that the nature and scope of IoT deployments will remain the subject of significant variation, canvassing opinion is going to be critical to vendors as they plan their future R&D activities. Security’s moving target is also going to be an enduring preoccupation, but for those vendors and integrators who can use IoT to bring real value to professional environments the opportunities are plentiful.