IoT Application Security


Anyone connected to the internet will probably agree that all those prophets of tech had done their homework. IoT is impacting industries on a global scale, in pretty much every area: agriculture, government, healthcare, the automotive industry and public transportation, robotics, utilities – the list goes on and on. The diverse technological innovations around IoT connectivity are continually evolving – but are security policies and practices keeping up with that pace?

With great connectivity comes greater risk

A study by the Ponemon Institute on Mobile and Internet of Things Application Security revealed how unprepared many companies are for the risks caused by vulnerabilities in IoT apps, and how much concern that causes among the professionals involved. The study surveyed nearly 600 IT and IT security professionals who are familiar with their organization’s security practices during the development lifecycle of IoT applications.

The study shows that many organizations are worried about an attack against IoT apps used in the workplace, but despite that concern, respondents felt that their organizations are having a difficult time securing IoT apps and aren’t mobilizing against the threat. While 75% of respondents said they knew that the use of IoT apps increases security risk significantly, and 70% of respondents were very concerned about the use of insecure IoT apps in the workplace, nearly half said their organization was taking no steps to prevent such an attack, or that they were unsure whether it was doing anything.

According to the results, the rush to get products out to market and satisfy market needs often takes precedence over security concerns: 62% of the respondents rated end-user convenience as an important consideration when building and deploying IoT apps in the workplace, and only 30% of respondents said their organization allocates sufficient budget to protect IoT devices. Many estimated that motivation to invest in security would only rise in the event of a serious security incident, new compliance requirements or news of a serious hacking incident affecting another company.

Only 20% of IoT apps tested

Most respondents pointed to a lack of quality assurance and testing procedures for IoT apps: 80% of IoT applications aren’t tested at all. They said testing is ad hoc, if done at all, even though many of the IoT apps that are tested contain significant vulnerabilities. In addition, when testing is performed, it’s usually not before the production phase.

Time to put IoT security first

These results are extremely troubling. As investment in IoT development continues to grow exponentially, and these technologies continue to become a bigger part of our lives, it’s important that organizations focus on security and on mitigating the threats to code and data security. IoT solutions incorporate software and devices from different organizations, not to mention the prominence of open source projects in the IoT landscape. They include a variety of languages and protocols. It’s critical to put procedures, policies and tools in place, from the very beginning of the application development cycle, to ensure all components are secure. A comprehensive process that addresses security from the start of product design and tends to all aspects, namely system-level security and data security management, needs to become a priority.
