• While there are many approaches to IoT security, consumers and businesses still have reasonable doubt – will carriers and vendors be able to sway public opinion?
• Service providers talk about the need to provide security at every layer – at end and edge devices, for data in transit through multiple networks, and to cloud services providers and applications. Verizon is well on its way to realize this goal.
Every survey conducted by GlobalData on IoT (and every other one I have ever seen) over the past five years notes that the major barrier to adoption of IoT is still fear of the lack of end-to-end security and “the end” of data privacy. It doesn’t help that in-home devices such as cameras and voice assistants have already caused some famously embarrassing invasions of privacy. We are approaching a time when 5G-enabled low latency, high speed, and “massive” bandwidth availability may finally push IoT adoption towards the tens of billions of devices that have been predicted for years. But alongside this growth is a vision of billions of unprotected, unmanned devices in the field that are able to not only see and hear what humans say and use this data to sell products, but may cause serious breaches to business and government systems that have already been weakened by cyber-security malware and identity theft.
Verizon’s recent Mobile Security Index, conducted annually, which surveys enterprises on their mobile security practices and experiences, noted that 31% of respondents had suffered a compromise involving an IoT device over the last 12 months. Verizon’s approach is to provide security across device, network and cloud services layers. Verizon sees the following capabilities as necessary to secure IoT end-to-end.
• Life of device digital identity
• Secure boot
• Over the Air updates
• Ability to lock down physical ports
• Interoperable device security standards
• Interoperable network security standards
• Virtual private networks
• Private IP
• Private IP Connection to public clouds
• Configurable policies
• Physically secured resources
To accomplish this, Verizon has a portfolio of IoT security offerings encompassing the following products.
• SIM-Secure, a customer controlled OTA solution which prevents unauthorized devices from accessing the network, prevents unintentional SIM re-use, and devalues stolen SIMs. It also reduces fraud and controls unwanted expenses caused by data overages.
• ThingSpace Service Operational Device Security (ODS), a Verizon-Mocana solution which provides remote policy/event management.
Network solutions (for data in transit):
• Wireless Private Network (for LTE Advanced and upcoming 5G)
• Secure Cloud Interconnect (to third-party cloud services providers)
• Verizon-hosted IoT Security Credentialing service.
Cloud and Application layer Security:
• Verizon’s ThingSpace IoT platform controls API and portal access via authentication and provides monitoring and operational management via secure firmware updates and protocol upgrades.
• Verizon offers a Network Detection and Response solution, a threat management/intrusion detection service for both IoT and non-IoT customers.
Verizon also offers a ThingSpace services bundle that detects, protects and respond to IoT threats with SIM Secure and account alerts to prevent fraud; device location services to ensure a device fleet is where it should be; and diagnosis of network and device issues with the ability to patch devices in the field.
Adoption of these services among Verizon IoT customers is high, with, for example, about 80% of customers using private wireless networks. In another example, SIM-Secure is used by companies providing ride-share scooters that might otherwise be subject to SIM stealing.
While wary customers may still view security as an obstacle to deploying an IoT project, these kinds of solutions should help overcome many of their fears.