Internet-of-Things in the Age of Standardization vs Security Issues

IoT adoption in the enterprise is one of the biggest changes that many companies are facing. Like the PC adoption in the 1980s and the “Bring Your Own Device” phenomenon in the 201x decade, IoT devices are set to conquer a typical company interfacing with their customers on a daily basis. One biggest aspect that organizations should understand is that unlike the PC and smartphone industry, the IoT industry is still in its infancy.

The PC used to be a computing device that frequently crashes, hangs and generally unreliable, but users and corporations used them even during the days of the Y2k controversy 18 years ago. It took Microsoft till Windows 8 to finally realize that they need to take charge of the PC’s security, and not leave it in the hands of three dozen antivirus vendors to do the job of their OS security. As Windows 8 and later came bundled with the Windows Defender app, out-of-the-box Windows experience has been much more secure than ever before.

The PC’s evolution has been mimicked by the smartphone/table industry. With the growth of the antivirus app in the Play Store, Google was very lenient when it comes to the security of Android. Apps can be downloaded anywhere, sideloaded from dodgy website downloads and overall the quality of apps much lower than their iOS counterparts. It took Google until 2017, a full nine years since Android’s first release to recognize the problem fully and administer their own antimalware solution: Google Play Protect.

The Microsoft Defender and Google Play Protect by default protect their respective OS and platforms, enabling users to maintain confidence in using their device. IoT devices being a newcomer in its own category does not reach a level of maturity, security-wise. Each IoT manufacturer currently uses their own OS, API, and configuration, incompatible with other manufacturers. This creates islands of vulnerability, where cybercriminals will have a field day attacking a known vulnerability in devices manufactured by company X. And due to limited global market share, 3rd party cybersecurity app developers may not have enough justification to develop antimalware apps in a specific IoT hardware, let alone if such hardware has enough system resources to run an antivirus app from a 3rd party.

There is hope in the horizon since both Microsoft and Google have taken into consideration to expand their market to the Internet-of-Things space as well. Microsoft has been fine-tuning their Azure Sphere OS based on the Linux kernel for the IoT market. Google is also brewing an edition of Android for IoT dubbed “Android Things”, bringing all the benefits of Android to the IoT industry, including its security feature Google Play Protect.

The time will come that IoT devices will either be Azure Sphere OS-based or Android Things-based, similar to how the mobile market is divided between Android and iOS today. The importance of a built-in mechanism to detect malicious apps while still fairly managing the system resources of a device will be highly sought after principle. If such principle was effective in the PC infrastructure and mobile device infrastructure, it goes to show it will also be effective for Internet-of-Things.