The Internet of Things (IoT) trend is significant, and will blossom over the rest of the decade. Imagine, however, with so many connected devices, how the security issue becomes critical! Let’s explore with Coby Sella.
Sramana Mitra: Let’s start with introducing our audience to yourself as well as to Sansa Security.
Coby Sella: I have been the Managing CEO for Sansa Security for the last four years. Sansa Security is a security-oriented company focused on IoT. We see ourselves as solving deep security problems in a smarter way.
Sramana Mitra: When you say focused on security in the IoT world, tell us more about specifically what the security issues and what kind of challenges the IoT world is facing vis-a-vis security? What part of that are you solving?
Coby Sella: There are multiple challenges that differentiate the IoT security challenges from any other market. The first aspect of it is the diverse set of devices out there with very diverse processing capabilities and security infrastructure within. You will have to create a solution that is trying to address as many of these devices and trying to abstract the differences between them.
Second aspect of the challenge, which is relatively similar but comes from the security domain, is there are multiple types of attacks that are applicable to different IoT devices. If you have a thermostat at home, the typical way for somebody to hack into it would be via impersonating the website that this device is supposed to communicate with, as opposed to a measuring device somewhere out in the field where the hacker can very easily physically try and attack the device. The complexity of IoT, as far as security is concerned, is two-fold. It’s not just the devices themselves but also the types of attacks that are possible.
There’ are many more challenges in the context of configuration and control, which needs to be done remotely at times. There’s a lot of challenges in provisioning and authenticating these devices. How can I make sure that I can inject a secret or a configuration situation to a device that is remote? All of these things are significant challenges. Another important one is the topology of the IoT. At the beginning, we saw a lot of devices that have a singular connection to certain web service that communicated directly with them. You now see more and more meshed devices. Sometimes, there would be a hub. Along the way, your mobile phone will be used to manage some of that. That topology is very convoluted. One needs to create a security solution that will apply to these shifting targets.