The great IoT threat: how to avoid common security pitfalls during application development

December 01, 2015 // By Calum Barnes
The future potential of the Internet of Things has been well documented. Cisco Systems estimates 25 billion devices will be connected to the internet by the end of this year, while IDC believes $7.3 trillion in revenue will be generated by IoT components by 2017.

For entrepreneurs and big businesses alike, those figures are enticing enough to inspire the creation of a seemingly 'new' connected product, service or feature.

However, the race to be first to market can result in hasty decisions. Although the IoT is still young, there is already growing concern that poor application development and design are too often the rule rather than the exception. With no real limitations to the kinds of historically "dumb" devices which can be made "smart," many IoT security failures can be traced back to poor decisions about the type of ‘smart’ features implemented, how they are implemented and the scope in which they will be used. However, IoT companies can learn something from the security advancements that have been made in the IT industry over the last 20+ years.

The consumerisation of IT means that technologies designed and marketed to consumers often find their way into workplaces. It is nearly impossible to know how your technology will be applied once it has been marketed and sold. In an age where data breaches are making headlines on a daily basis, it’s potentially disastrous for a business to not build in the proper security measures within product development.

The IoT brings with it immense opportunity, but it could quickly be brought to its knees if manufacturers fail to consider security implications in their rush to hit the marketplace with 'the next big thing'. For business application developers, the following will help ensure security remains a priority throughout the development process:

#1 Secure your apps by design

Before beginning any app development, designers must weigh up the pros of ‘connected’ features against the cons of the security holes they open up. The design of an IoT application must assess the security and privacy implications of connected features like messaging and social media integration upfront. An email proxy requires clear and concise directions on secure configuration, with strong administrator credentials, to shield it from low-level attacks and port scans.

These basic protections will then influence other design decisions. A rigorous assessment of the security implications of smart features may increase the cost of development, but it will save the time and cost of dealing with flaws discovered down the road.

"Building an IoT product is not as simple as it might seem and quicker never means safer", says Calum Barnes, Xively Product Owner at LogMeIn.