AT&T, Cisco say security remains key concern in Internet of Things

ORLANDO, Fla.--If a recent Goldman Sachs forecast that there will be 28 billion devices connected to the Internet by 2020 comes true, AT&T (NYSE: T) and other service providers enabling these connections will have a large security challenge on their hands.

A big contributor to this growth will be driven by the Internet of Things (IoT) concept, which Goldman Sachs says is the next mega-trend.

During the "Internet of Things: Our Connected World" panel at the Comptel trade show, representatives from AT&T, Cisco and Clear2There discussed how they are addressing security concerns for IoT today and preparing for potentially future threats.

Being one of the early IoT purveyors that have provided remote tracking services for a variety of industry verticals for over 12 years, AT&T said it has built in security elements in both the device and at the network level.

"Security is obviously top of mind for our customers and we designed solutions with multiple layers of security--especially with the Internet of Things--by securing devices at the network layer where they are not visible to the Internet," said Shiraz Hasan, area VP for the industrial Internet of Things solutions group for AT&T Mobility. "We have the ability in the IoT space to provide private IP addresses to the devices that can be dynamically or statically assigned and we can also layer on software security via VPN."

Hasan added that as security concerns escalate in the IoT concept, the counter-measure industry concept will emerge. One startup has developed new wearable devices that can allow a consumer to prevent someone from taking a person's picture without their permission, for example.

"I think in the Internet of Things there will be another industry that will evolve, which will be the counter measure of the IoT stuff," Hasan said. "Imagine a scenario where I go out to dinner with my wife and kids and there's someone sitting near me and they start taking pictures of my family and start posting... I was at an event in San Francisco where there was a startup that has created wearables that if a camera gets pointed at you, it won't let you take the picture."  

AT&T and others will have plenty of help from a host of infrastructure providers such as Clear2There and Cisco.

Being a partner to service providers, Clear2There has taken a hybrid cloud approach that leverages an application processor resource in the telco's central office to manage portions of smart premise services. The gateway in this model is employed as a thin client to businesses and consumer homes that communicates securely with sensors and devices, then the data is tunneled via VPN to the application server at the telco's central office.

By taking this approach, the company says that a service provider can fully control the features it provides enabling them to deliver bandwidth Intensive solutions such as video by leveraging local availability while avoiding the bottlenecks of the public Internet.

Kris Venturini, director of Service Providers for Clear2There, agrees that these models and having all of the intelligence in the device can also create security issues for anyone pursuing an IoT strategy.

"There are some models out there where all of the intelligence resides in the gateway or the panel at the home or business and that makes it very vulnerable to an attack or if it fails, you have to do a truck roll," Venturini said. "It creates a support nightmare while the customer is down and can't use their service."

Cisco, which has been expanding its cloud and IoT vision, says that while remote sensors may only be sending out small amounts of data, the fact that those devices are IP-enabled creates a new attack vector.

"If you look at what happens in the IoT space and you have sensors and microcontrollers that are running small amounts of code, but if they are IP enabled you have a whole different attack vector that is capable of being amplified," said Jason Houx, consulting system engineer for Cisco. "Understanding where your perimeter is and understanding what the attack vector is fundamentally important, but it also comes down to your operations and management because you need to be able to identify security vulnerabilities in microcontrollers."

Houx added that service providers enabling IoT applications for their clients need to be aware of vulnerabilities and how to fix them before a potential breach occurs.

"We really want to create a network layer that notifies you when someone is taking advantage of the vulnerabilities and that really comes down to full visibility into your network devices," Houx said.

Related articles:
Windstream, Ovum study says U.S. has large addressable market for the connected home
AT&T Mobility CMO sets sights on creating value, not just low-priced services
AT&T sets pace for new IoT innovations at Texas-based Foundry
Ericsson buys MetraTech, extends OSS reach into transport, utilities

This article was updated on April 22 to correct information about Clear2There's approach to IOT.