IoT: Risk Management Only with Security by Design

The Internet of Things is at the heart of all efforts to digitize the industry. The two key features are the networking of machines and the processing of real-time runtime data in the cloud. This enables innovations such as predictive maintenance or continuous production optimization, which promise a significant improvement in productivity while at the same time reducing personnel costs. But digitization is also increasing the demands on the IT infrastructure, which is potentially becoming more vulnerable due to the new interfaces with the outside world. Existing IT infrastructures have often not been designed to be accessible from the Internet, and existing security measures are often inadequate because of reluctant reliability requirements.

Risk management and IT security

A proven means of countering risks is insurance. Cyber insurance is now offered by various providers. However, the service portfolio and the maximum amount of damage covered are still quite limited. As a result, there is no way around IT security measures. For a waiver of technical measures and an exclusive use of insurance would inevitably lead to a general increase in security incidents and thus damage. However, an insurance policy is only cheap if the number of claims are low. As the number of security incidents increases, business cyber insurance will become more expensive. At best, cyber insurances are therefore a complementary measure on the way to Industry 4.0, but they can not replace the actual IT security.

Cyber security in the IoT

So what are the biggest security challenges of industrial IoT solutions? First of all the long investment cycles. For example, there is a broad consensus among security experts that providing devices with up-to-date security updates provides the highest level of security. However, the practice in many companies is completely different. In fact, no updates are made while the system is running, although vulnerabilities are common knowledge. This is partly because many manufacturers do not provide their products with updates. But also the concern about disturbances of the production process by updates is large, so that these are not recorded or strongly time-delayed. At this point, insurances can help

The second key challenge is how to implement Security by Design in the IoT to avoid subsequent, expensive hedging. The most promising approach today is IoT platforms, which can provide IoT applications with a secure yet functional foundation. Data-based IoT applications typically consist of two parts. On the one hand, the machine data are already pre-processed in the production facilities and these intermediate results are then sent to the cloud for final processing.

IoT gateway and cloud gateway

Many IoT platforms follow this split by providing two components: IoT gateways and the cloud gateway. The IoT gateways are devices that are placed at the perimeter between the machines and the Internet. They provide basic functionality such as encrypted communication or secure management, and provide a runtime environment for IoT applications that pre-process runtime data. The strict separation of security systems and application enables a high degree of IT security with the greatest possible flexibility. So the platform offers security by design. However, the actual data processing runs the applications in the cloud. So that this data can then be processed by the associated IoT service in the cloud storage.

Even applications such as secure remote maintenance are possible with IoT platforms. For example, a remote service provider can connect to a cloud service, which in turn communicates with a corresponding remote maintenance application on the IoT gateway. The enforcement of security through encryption, access control, and monitoring is provided by the IoT platform. At the same time, their flexibility enables the highest level of innovation in the implementation of new applications that make up Industry 4.0.

Conclusion

The IoT offers the outstanding opportunity to bring the innovation potential of the cloud into the industry. In order to counteract the associated risks of networking, solutions with security by design as a solid basis and cyber insurance as complementary measures are available.

In particular, secure IoT platforms have the potential to provide maximum flexibility at a high level of security.

For more information on how IoT can affect your business, or start implementing IoT, contact us today.