We have to learn the lessons of the past if we are to make the future Internet of Things (IoT) a safe environment, according to a leading voice in the field.
“The new reality of the world is that the post-password era is with us,” Jason Hart, director and CEO of Identiv, told the CARTES SECURE CONNEXIONS conference. Too often in the past, security has been a late consideration when products or services are designed, he says – but in future, it will “have to be built into the fabric of IoT” because “a connected environment is unforgiving to poor security”. Most human beings are essentially lazy, he continues, and if they use the same username and password for all the new connected devices that are starting to appear, their lives will be hugely affected if that username/ password combination is compromised. People will need a ‘trusted ID’ and that ID is likely to come in various formats, such as biometrics and digital certificates. Those certificates, built in to products from the outset, are likely to become much more prevalent. For example, in some countries where pharmaceuticals are widely counterfeited, a vaccine with a built-in digital certificate could be authenticated as genuine by someone with a phone with the appropriate reader. Future security methods have to be made “incredibly simple” to cope with human laziness and weaknesses, says Hart. It is likely, however, that no single system of authentication will cover all types of products or services, so people will need to pick platforms that can handle multiple forms of digital proof.