Security Testing Should Be The Highest Priority For The Internet Of Things
“Although the secure by design approach is the right one to adopt, it is rarely applied in the Internet of Things development process.”
Companies that integrate Internet of Things solutions into their working practices must make testing a priority, especially if they want to reduce the chances of a security breach.
A recent report by global consulting firm Capgemini said that security is the ongoing concern in the Internet of Things. According to Capgemini’s World Quality Report 2016, 85% of companies have a vested interest in integrating Internet of Things products or devices into their working practices but less than one third have a comprehensive test strategy.
The report—published by Capgemini in conjunction with Hewlett Packard Enterprise—said the majority of companies rely upon a manufacturer to test an Internet of Things device. Around 65% of people said that security—in all aspects of IT strategy—was the most important element to consider, with the Internet of Things cited as a vulnerable area.
On a scale of one to seven (one being the least challenging), people gave security testing in the Internet of Things a score of 4.70. The report said that testing between the different layers that contribute to the device itself—the application, data/business intelligence and the communications bridge—can be a stumbling block for internal IT departments.
“The challenge of testing this interaction between layers receives an average 4.67 score, putting it above those of testing the integration with third party solutions/products (4.66) and testing non-functional aspects (4.57),” the authors of the report said. “To overcome this challenge, new ways of working must be introduced, with domain, test craftsmanship and project management experts all talking and collaborating.”
Security has been (and is likely to remain) a major concern in the Internet of Things. A recent report by global professional services company Deloitte cited the increase in connected devices as one reason why Dedicated Denial of Service Attacks (DDoS) will increase in 2017.
With that in mind, the report said that while security testing was a challenge for IT departments, the adoption of the Internet of Things propelled security to the top of the list. Companies should always employ a secure by design approach across the board but the Internet of Things is not traditional IT.
Security Testing In The Internet Of Things Is Not Mature
Internet of Things requires companies need to take a different mindset when it comes to testing. If IT departments do not make allowances for security during design planning and process, then there is only a slim chance that it will be covered during the testing phase.
“Although the secure by design approach is the right one to adopt, it is rarely applied in the Internet of Things development process,” said Capgemini. “This is due to a number of reasons, including a lack of expertise, rush to market and low security maturity compared to traditional IT.”
Around 46% of people said that the Internet of Things increased the number of situations to test.
For example, the report said that connected devices gave companies access to operational intelligence—improved diagnostics, device data recorders, real-time monitoring and analytics—that would require testing solutions. These increased opportunities would necessitate testing earlier in the development cycle. The challenge for IT teams was the speed at which products—the thing itself—and the associated software appear.
Artificial intelligence and machine learning were also cited as future challenges. As the Internet of Things matures, companies will need to test and validate devices that have a form of AI, especially if those devices have a direct impact on working practices.
Connected devices impact the physical world but the security testing approaches taken (to date) are not mature and need to be reassessed, the report said. A security breach can have far-reaching effects, which makes the need to test Internet of Things solutions as early as possible in the integration process a priority.
“The impact of the Internet of Things is far broader than security alone,” the authors of the report concluded. “Different types of test focus areas are needed for the end-to-end validation of an Internet of Things solution. For example, interoperability, usability, efficiency, performance and compatibility, to name just a few, must be taken into account. As this exciting technology development grows exponentially, testing must keep up.