We hear a lot about how the IoT is transforming people’s work and daily lives, but for me, its impact goes deeper. As a Type I diabetic, I depend on data from an IoT device to stay healthy. If I can’t trust my latest blood sugar reading, the results can be catastrophic. Health care use cases like mine represent some of the many examples that underscore the importance of data integrity. Stacey Higgenbotham expressed it perfectly in a recent post: “If a business or consumers can’t trust the data, the IoT fails.”
The IoT is all about making better, more informed decisions, and data is the foundation that makes those decisions possible. As the IoT gains maturity, we’re seeing its impact across more and more industries and use cases.
In agriculture, smart sensors are in widespread use for real-time crop monitoring to help farmers track the state of their products. Tools like motion detectors, light detectors and moisture sensors can be brought together to support predictive analysis and enable smarter, more automated decisions. IoT sensors are also tracking the location and health of livestock to help farmers detect disease outbreaks and isolate animals if needed.
Most of us have seen how the IoT has revolutionized the safety and efficiency of the home, providing unprecedented control over appliances, heating and cooling systems, smart metering and lighting. Security cameras, alarm systems and smart locks are strengthening physical security and bringing residents peace of mind. As these smart home systems mature, they are also becoming increasingly integrated, personalized and automated.
The global pandemic is also helping shape IoT adoption. Forrester predicts that manufacturers, pharmaceutical firms and utilities are increasingly switching to remote experts and technicians for support. To manage and repair their assets without extended downtime and costly travel, these industries have begun connecting previously disconnected machines.
What do these diverse use cases have in common? Without trusted data from connected sensors and devices, all of them become vulnerable and the decisions they support become questionable. Inaccurate moisture data from a sensor could cause a farmer’s crops to fail. A compromised smart lock could leave a home vulnerable to theft. In a manufacturing environment, inaccurate telemetry from a connected machine could lead to factory floor shutdowns or damaged assets. The positive business outcomes enabled by the IoT all hinge on working with accurate, timely and trusted data.
Signing Is Key to Strengthening IoT Data Integrity
Establishing data trust should be top of mind for IoT device manufacturers, and it is imperative that they take steps to ensure that data is not being manipulated in transit or at rest. This protection applies not only to data packets exchanged by the devices and applications but firmware updates and supply chain processes.
The recent executive order signed by president Biden underscores the need for measures like code signing. Focused on improving the nation’s cybersecurity, the EO presented guidelines and general best practices for federal departments, agencies and contractors. However, its impact is also likely to extend to technology and infrastructure companies.
Some of the strongest direction in the EO is intended to improve the security of software as well as supply chains for technology manufacturers. The order establishes baseline security standards for the development of software sold to the government, including requirements for improved visibility into that software and making security data publicly available. The order acknowledges that too many devices and software releases contain vulnerabilities that bad actors could exploit.
Effective Code Signing Requires Strong Management
Fortunately, a proven solution is available today to help manufacturers ensure data authenticity, confidentiality and trust for their IoT solutions. Best practices like code signing can help manufacturers bake security into each and every stage of their development processes. By applying digital signatures, organizations can assume full control of their development. They can confirm the integrity of their code before it moves further along in the development cycle and is put out in the field for devices and their customers.
Code signing is only as effective as the processes and best practices that support its implementation. To make the most of digital signatures, developers and engineers need a holistic approach to management. The signing process should be seamlessly built into their development processes to simplify and ease adoption.
A common management platform should enable manufacturers to fully protect private key usage and signatures, as well as monitor and manage access to digital keys. The process should also enable organizations to support granular monitoring of their code signing processes and include historical tools like reporting and auditing for full accountability and compliance. With a process in place to continually sign firmware, software updates and other components that can ensure data integrity in device interactions, manufacturers can be assured that their IoT solutions will work as intended, using data their end customers can trust.
There’s no question that as the IoT continues to extend deeper into our business and personal lives, the importance of data integrity is also rising. The stakes will only increase as more systems, processes and life-or-death decisions rely on trusted IoT data. To sustain the soaring growth of IoT use cases and solutions, it’s up to manufacturers to build security into the supply chain. With a strong data foundation underpinning today’s rapid innovation, the potential of the IoT revolution is limitless.
