Are M2M Communications Secure?
April 18, 2013 Leave a comment
- If M2M grows the way the ecosystem hopes it will, there will be millions and even billions of end points sending continuous (as well as more sporadic) data across wired and wireless networks, including proprietary and mission-critical pieces of information about customers and businesses
- What are operators, systems integrators, and security software and services specialists doing about this? Why doesn’t security seem to be discussed as openly as other M2M requirements?
When holding briefings with operators involved in M2M, security and privacy issues come up occasionally. Generally mobile operators offer APNs, which means that an M2M device is connected to the customer’s private IP network or cloud rather than directly to the carrier’s wireless network or the public internet. This provides a level of built-in network security but doesn’t deal with breaches that come through a corrupted end-point. Nor does it always prevent unwarranted or malicious access to data behind the firewall. Adding encryption to sensors or other low-end M2M endpoints let alone putting it in a chipset or module may be overly expensive, as is adding end to end encryption to the entire data flow in between the “machine” and wherever the collected data is being sent. SIM cards within embedded modules generally have some level of built-in authentication, but how about application security, device OS security, or the kind of proactive security practiced routinely for remote laptops and mobile devices such as frequently updated anti-virus/spam/denial of service software, intelligent threat detection, and all-purpose managed security services?
Issues of security and privacy are also complicated by geographical and vertical differences; regulation, especially when it comes to customer privacy, can be very different in the U.S. than in Western Europe, let alone in emerging economies, and many verticals such as healthcare, financial services and retail businesses have unique privacy requirements to protect customer data. Eventually, security for M2M is going to become not only mainstream but a new source of value-added services revenue to operators, SIs, device OEMs, application platform providers and security specialists. However, there will need to be a balance between the cost of these solutions and their worth, given the low ARPUs for operators offering 2G/3G M2M connectivity, and the often high expenses involved in deploying many M2M applications.