I’ve spoken in previous blogs about the concept of “cloudification” of business, a transformation that has occurred primarily due to widespread smartphone and tablet penetration in the workplace as well as the increased use of cloud-based enterprise applications.
However, cloudification is by no means limited to the enterprise. People can access, purchase and use content delivered on cloud-based platforms on all kinds of devices for their personal use and entertainment: from smartphones to PCs and set top boxes to games consoles.
Furthermore, the evolution of the Internet of Things means more types of device are becoming part of a cloud framework. In fact, the number and type of devices that can connect to the Internet and, therefore, cloud services is being blown wide open.
With IDC predicting that 212 billion devices will be connected by 2020, the growing relationship between the IoT and cloud, albeit exciting, potentially multiplies the number of endpoints connected to cloud environments exponentially, which may have severe security implications.
The traditional security framework has focused on PCs and mobiles, but new age IoT devices, including smart TVs, connected cars, wearables, home appliances, health monitoring devices and smart energy meters pose significant security threats.
“It is possible to hack anything”
Shortly after an experiment that stopped a passenger car in its tracks was carried out in a controlled hacking operation, Russian IT security expert, Eugene Kaspersky used this example to warn against the possibility of Formula One cars being hacked, stating that “it is possible to hack anything”.
Cars are a particularly interesting example. As we move towards the reality of driverless cars and intelligent transport systems, cars will rely far more heavily on on-board computers and communications with other vehicles as well as the broader transport network (traffic lights, satellite navigation systems, etc.)
In the case of Formula One, the number of devices connected within its network makes it an interesting ‘live’ example when trying to understand the challenges of securing an IoT network – from on-board computers in the cars, computers that measure car performance trackside through to the ones connected into the circuit’s network remotely from engineering centres.
Certain questions must be asked, and answered, to ensure the F1 network is safe from attack. Is the purpose-built MPLS network resilient enough to withstand a potential DDoS attack and are there any weak points of entry through which the network could be infiltrated? Are all F1 teams working to the same security standards when it comes to protecting their own networks at a device level?
More doors to close
The considerations I mentioned using F1 as an example is relevant because for businesses, delivering more services to customers through the cloud means connecting with an ever-increasing number of devices. However, while the F1 network can be seen as more of a closed circuit, with fewer parties required to take responsibility for securing their own networks and devices, delivering applications, TV channels and other forms of content to the world brings challenges on a different scale.
IoT devices communicate with little human interaction – mutual authentication is a crucial need. Many Internet-facing services use Bash to process certain requests, allowing an attacker to exploit vulnerable versions to execute arbitrary commands. In doing so, attackers can gain unauthorised access to a device system and execute arbitrary code remotely.
Take the example of distributing content such as TV shows and computer games through the cloud – every endpoint that content is delivered to, whether that’s a smart TV, games console or laptop is a potential vulnerability. Furthermore, while standards of cloud security are well defined – security standards at a device level are in many cases unclear. This means providers must exercise caution when allowing IoT devices to access the cloud.
While the standards of cloud security are way ahead of those in place for IoT devices, it is important for cloud providers to be aware that the cloud is only as secure as the most insecure device it is connected to. While the industry must agree on resilient standards for endpoint devices in the long-term, in the short term processes must be put in place by cloud providers to ensure they are protected against threats from potentially insecure devices. After all, it is possible to hack anything.
Six silver bullets to mitigate IoT threats
- Detecting DDoS attacks early by identifying malware caused by thingbots at the upstream tier 1 service provider level can mitigate attacks at the source.
- Accelerating the evolution of common IoT standards for inter-operability and security.
- Developing FPGA (Field Programmable Asic) embedded security chips for connected car manufacturers and wearables built at the design stage.
- Public key infrastructure-based solutions could help to secure exchanging information with authentication credentials across global IoT devices.
- IoT authentication with biometric data obtained using physical or behavioral features of a person (wearable devices).
- Improving privacy by design and periodic privacy impact assessments would promote trust in IoT paradigm
Leave your comments below, and read Vishak’s previous posts.
Tata Communications was the Official Connectivity Provider of Formula 1® between 2012 and 2019. Tata Communications was also the Official Managed Connectivity Supplier to Mercedes-AMG Petronas Motorsport, and Official Digital Transformation Partner to ROKiT Williams Racing until the end of the 2019 season.
Transformational Hybrid SolutionsOur cloud-enablement services offer the best performance on your traffic-heavy websites or mission-critical applications.
Core NetworksTata Communications™ global IT infrastructure and fibre network delivers the resources you need, when and where you need them.
Network Resources 
Unified Communications As A ServiceBreak the barriers of borders efficiently and increase productivity with Tata Communications’ UC&C solutions.
Global SIP ConnectEmpower your business with our SIP network and witness it grow exponentially.
InstaCC™ - Contact Centre As A ServiceCloud contact centre solutions for digital customers experience and agent productivity.
DIGO – Communications Platform as a ServiceDIGO is an in-network cloud communications platform, enabling you to power up converged contextual human-to-everything conversations globally.
Unified Communication Resources Case studies, industry papers and other interesting content to help you explore our unified communications solution better.
IoT SolutionsThe Internet of Things is transforming the way we experience the world around us for good. Find out more about our Internet Of Things related solutions here.
Mobility SolutionsTata Communications’ mobility services enable your enterprise to maintain seamless communication across borders, with complete visibility of cost and usage.
Multi-Cloud SolutionsWith enterprises transitioning to a hybrid multi-cloud infrastructure, getting the right deployment model that yields ROI can be a daunting task.
Cloud ComplianceCompliant with data privacy standards across different countries and is also designed to protect customers’ privacy at all levels.
IZO™ Cloud Platform & ServicesIZO™ is a flexible, one-stop cloud enablement platform designed to help you navigate complexity for more agile business performance.
Managed Infrastructure ServicesIntegrated with our integrated Tier-1 network to help your business grow efficiently across borders.
Cloud PartnersWe support a global ecosystem for seamless, secure connectivity to multiple solutions through a single provider.
Governance, Risk, and ComplianceRisk and Threat management services to reduce security thefts across your business and improve overall efficiencies and costs.
Cloud SecurityBest-in-class security by our global secure web gateway helps provide visibility and control of users inside and outside the office.
Threat Management - SOCIndustry-leading threat-management service to minimise risk, with an efficient global solution against emerging security breaches and attacks.
Advanced Network SecurityManaged security services for a predictive and proactive range of solutions, driving visibility and context to prevent attacks.
Cyber Security ResourcesCase studies, industry papers and other interesting content to help you explore our securtiy solution better.
Hosted & Managed ServicesTata Communications provide new models for efficient wholesale carrier voice service management. With our managed hosting services make your voice business more efficient and better protected
Wholesale Voice Transport & Termination ServicesYour long-distance international voice traffic is in good hands. End-to-end, voice access & carrier services which includes voice transport and termination with a trusted, global partner.
Voice Access ServicesTata Communication’s provide solutions which take care of your carrier & voice services, from conferencing to call centre or business support applications.
CDN Acceleration ServicesOur CDN Web Site Acceleration (WSA) solution helps deliver static and dynamic content, guaranteeing higher performance for your website.
CDN SecuritySafeguard your website data and customers’ information by securing your website from hacks and other mala fide cyber activities.
Video CDNDeliver high-quality video content to your customers across platforms – website, app and OTT delivery.
Elevate CXIncrease customer satisfaction while empowering your service team to deliver world-class customer experience and engagement.
Live Event ServicesTata Communications’ live event services help battle the share if eyeballs as on-demand video drives an explosion of diverse content available on tap for a global audience.
Media Cloud Infrastructure ServicesTata Communications’ media cloud infrastructure offers flexible storage & compute services to build custom media applications.
Global Media NetworkTata Communications’ global media network combines our expertise as a global tier-1 connectivity provider with our end-to-end media ecosystem.
Use CasesUse cases of Tata Communications’ Media Entertainment Services
Remote Production SolutionsMedia contribution, preparation and distribution are highly capital-intensive for producers of live TV and video content, and their workflows are complex.
Media Cloud Ecosystem SolutionsThe Tata Communications media cloud infrastructure services offer the basic building blocks for a cloud infrastructure-as-a-service.
Global Contribution & Distribution SolutionsTata Communications’ global contribution and distribution solution is built to reduce capital outlay and grow global footprint.
Satellite Alternative SolutionsAs more and more consumers choose to cut the cord & switch to internet-based entertainment options, broadcasters are faced with capital allocation decisions.
LeadershipA look into the pillars of Tata communications who carry the torch and are living embodiment of Tata’s values and ethos.
Culture & DiversityHere at Tata Communications we are committed to creating a culture of openness, curiosity and learning. We also believe in driving an extra mile to recognize new talent and cultivate skills.
OfficesA list of Tata Communications office locations worldwide.
SustainabilityTata Communications adopts a holistic approach and harnesses the power of new-age technologies like 5G, IoT and AI to build a sustainable digital world.
FAQCheck out our FAQs section for more information.
BoardHave a look at our board of members.
ResultsFind out more about our quarterly results.
Investor PresentationsFollow our repository of investor presentations.
FilingsGet all information regarding filings of Tata communications in one place.
Investor EventsAll investor related event schedule and information at one place.
GovernanceAt Tata, we believe in following our corporate social responsibility which is why we have set up a team for corporate governance.
SharesGet a better understanding of our shares, dividends etc.
SupportGet all investor related contact information here.
Oracle
Amazon Web Services
Microsoft
Google Cloud
IBM Cloud
Salesforce
Alibaba Cloud
Digital Futures
Smart Cities
Corporate Venturing and Innovation