Cloud security is as likely not something the average Internet of Things enthusiast thinks about on a daily basis but here we all are, embarking on a future where our houses and perhaps offices will be connected to the Internet to a degree never seen before. Many are already connected to the cloud for a myriad of reasons and hopefully none of you will have had any incidents to date – but it’s going to happen sooner or later unless you take security into account and treat it seriously. Perhaps your control system isn’t that valuable but I’ll bet the data on any PC or server you’re using to control it, is!
Elsewhere in the blog you will have read about MQTT – I first became attached to this when playing around with Arduino projects as most WIFI-enabled solutions floating around on the web have next to no security. At least with SSL and a username and password you have a hope once you open up your projects to the outside world. Even those who are doing this for fun may at some point start to think “there’s a product here” and that’s when everything changes. Two years ago I was chairing a meeting of IT executives and asked the question “how many of you have a well-defined strategy on BYOD (Bring your own device). The silence was staggering and only a few of them gave uncertain nods. I wonder if such a question was asked of Internet of Things enthusiasts about their control systems, what the response would be? With devices such as the new (fast) Raspberry Pi making it easy to send data back and forth via wired or wireless networks, there is sure to be an explosion of applications in the not-too-distant future and where there is success, cybercrime invariably follows.
Many of us use cloud services to store data or to provide graphing, transform data from one form to another etc. – often price is important, often features, but when we select our providers do we take into account their security policies? At my work for example we now insist on stress testing external party software to deliberately look for security leaks and more than one have failed those tests and had to do a varying amounts of remedial work before we will use those systems.
It’s a shame that just as the possibilities are opening up on a grand scale, the world of cybercrime is equally expanding at an unprecedented rate. We owe it to ourselves to ensure that our data is secure now and in the future. If you want to know more about security there are some interesting articles and views here
The security issues they are finding on cars now is just the beginning. I have deliberately set up my appliances that they fetch/push their commands from/to the internet i.e. controlling instance. That means I have no connections open that can be hacked. It does mean polling though and wouldn’t work for things that need reaction times in the seconds. But usually that is not required (from the internet anyway). So my lights can switch from a phone app in my home WiFi but the timer to switch them is for example Google Calendar that get’s checked every minute.