News & Company Blog

Latest news and developments

Securing the IoT – Problems, solutions, and next steps

Introduction

IoT devices expose information imageA recent study by Hewlett Packard showed that about 90% of devices collect some form of personal information. This means that the privacy of the customer is always at risk, and that the threat level will keep growing with the Internet of Things (IoT). With an increase in security awareness there are now secure development practices being employed, however, identifying vulnerabilities in commonly deployed architectures is still a key concern. Companies have started to look at protecting not just their IoT ecosystem but their customers’ as well. This model means that companies can ensure end-to-end security for customer data (especially important in light of the new EU regulation) as well as opening a new revenue stream by offering IoT Security as a service.

Impacts and challenges of IoT Security

Attacks on the IoT Ecosystem have grown exponentially in recent years. Malware such as Mirai has shown that trying a device’s default username and password, or a simple dictionary attack, can grant access to millions of devices. With smart home devices such as TVs sending over 600,000 malicious spam emails, and hackers remotely hijacking a car, any connected device is vulnerable.

Customer, device brand - infographic

The challenges faced by the Internet of Things ecosystem are very different from traditional IT. Just understanding the technical aspects of attack surfaces may not be sufficient, one should be aware of the domain, purpose and, motive behind using these purpose-built devices to disrupt an entire network. These devices have limited computational power, so they cannot always run robust protection mechanisms like antivirus, two-factor authentication, and key certificate exchanges. This makes it easier to target consumers as most end users are not security aware, they do not apply strong passwords, and devices are not frequently patched. Enterprises may not regularly investigate devices deployed within their customers’ network to keep password policies and firmware updated, opening up the whole network to bad actors.

Because IoT devices are usually purpose-built, universal security standards are difficult to develop and have not been ratified internationally. Unlike typical IT endpoints such as laptops, desktops, tablets, and smartphones, IoT devices are designed to be deployed unsupervised in remote environments, meaning they are also susceptible to physical tampering.

Whereas baked-in security might seem to be the best way to address security concerns, this can leave devices with the same protocols for years without an update, and also adds to deployment costs as ‘secure’ chips cost between $7 to $17. With the device itself costing an average of $10, baked-in security could considerably increase overall costs.

Opportunity to use IoT security

Traditionally, operators provide connectivity to mobile phones and tablets in one vertical channel. But with the introduction of IoT and M2M technologies, various device types, models, and variations are introduced to the network, most of which are constrained and prevent security agents being run from within. The best approach to secure these devices is to overlay agentless, agnostic protection to monitor ingress and egress traffic of these devices.

CSPs are able to monitor the behavior of the devices they provide connectivity to, as traffic to and from these devices flows through their network. This provides Telcos an opportunity to not only enable connectivity but to provide essential security services to their users, as a value-added service, or productize IoT security in one of the ways shown below.

Why Do Organizations need IoT Focused Security?

The amount of information being generated out of endpoints and exchanged between IoT and IT networks continue to grow. There are not yet any substantial standards designed to be followed in an IoT deployment. Though there are many organizations working together to build new technologies and new standards, it may take at least a couple of years for the industry to adopt or accept these standards. With millions of data points being generated outside of an organization’s network, securing this information, the data channels, and the endpoints should be treated with the importance it deserves.

The scale of the IoT, and the amount of under-secured endpoints, is much larger than any traditional IT network, and the security risk is therefore also much higher. Considering the critical sectors that IoT devices already serve – healthcare, banking, emergency services to name a few – IoT security cannot be underestimated any longer.

IoT Tech Expo Global 2018

Alistair Elliot, the head of Pod Solutions, was at the IoT Tech Expo Global last week (18-19th April) talking to the world’s biggest connected enterprises about our advanced security solutions designed to safeguard the most sensitive or mission-critical data.

Alistair Elliott, CEO of Pod Solutions at MWC 2018

Pod Solutions and Subex partner to provide advanced security for IoT Billing and Connectivity Service

LONDON, UK, 19th February 2018 – Subex Limited, a leading telecom analytics solution provider, has been selected by Pod Solutions, a division of Pod Group to implement its IoT Security Solution, Subex Secure, as part of Pod Group’s billing and connectivity service.

Pod Group designs platforms for the people building tomorrow’s connected world. These include billing, connectivity and security services for IoT companies across a wide variety of sectors as well as enterprises and operators for millions of devices globally. Pod Solutions is the customized development division of Pod Group which partners with industry leaders to build tools that reduce the complexity and accelerate the adoption of IoT applications.

The partnership with Subex will enable Pod Solutions to develop advanced security services, allowing customers to rapidly create, deploy and bill mission critical IoT solutions with maximum security and resilience.

Speaking on the announcement, Alistair Elliott, CEO, Pod Solutions said, “Today, the security of IoT applications is one of the issues causing most concern and is therefore one of the biggest barriers to IoT adoption. We are excited to be partnering with Subex, since we identified them as a leading provider of IoT Security solutions that would be complementary to our existing network architecture and IoT business models. The Subex IoT solution- Subex Secure allows us to scale towards providing the most cutting-edge security solutions to millions of IoT devices, thereby providing us with a competitive advantage.”

“It gives us great pleasure to partner with Pod Solutions to provide resilience to their connectivity services. We were selected after a very comprehensive evaluation, wherein we proved our capability to detect various attacks through Subex threat intelligence system, leveraging our industry leading IoT honeypot. These coupled with our flexible business model and non-intrusive approach helped us to secure this partnership” said Vinod Kumar, COO, Subex Limited.

About Pod Solutions

Pod Solutions is the customized development division of Pod Group, a provider of platforms and software for the people building tomorrow’s connected world. We work to solve the most complex connectivity issues, utilizing the latest technology from our community of technology partners to develop innovative solutions to the problems that are creating barriers to IoT adoption. Pod Solutions works with cutting edge technologies and connectivity methods, collaborating with industry leaders to build a strong and lucrative IoT ecosystem.

For more information, please visit www.pod.solutions

About Subex

Subex Ltd. is a leading telecom analytics solutions provider, enabling a digital future for global telcos. Founded in 1992, Subex has spent over 25 years in enabling 3/4th of the largest 50 CSPs to globally achieve competitive advantage. By leveraging data which is gathered across networks, customers, and systems coupled with its domain knowledge and the capabilities of its core solutions, Subex helps CSPs to drive new business models, enhance customer experience and optimise enterprises.

For more information, please visit: www.subex.com

Pod Group Press Contact

Amy Garcia Rendle
Email: amy.garcia@podgroup.com
UK: +44 (0) 1223 850 900
Skype: amygarciarendle
US: +1 415 707 0500

Subex Press Contact

Sandeep Banga
Email: sandeep.banga@subex.com
Tel: +91 99168 24122
Subex Ltd.

Looking forward to MWC, BCN 2018

Looking forward to Mobile World Congress, Barcelona!

We’ll be at booth #7C21L, Hall 7, Great Britain Tech Zone, for the entire show, 26 February – 01 March.

Pod Solutions stand at MWC, BCN
Alistair Elliott, presenting.

Another successful MWC!

It was great seeing everyone and having a chance to meet up with clients and prospective clients during this busy week in San Francisco.

Alistair Elliott, Pod Solutions CEO at MWCA 2017
Alistair Elliott with Colleagues at MWCA 2017

Come see us at MWC Americas 2017!

MWCA20017We are looking forward to another great event in September when we will be exhibiting at Mobile World Congress Americas in our home town of San Francisco! We will be at stand N242 with our colleagues from PodM2M and we have a great line up of announcements and new solutions to share, so make sure you include us in your itinerary if you are planning to visit the show.

More about the event here: www.mwcamericas.com

Pod Solutions at Mobile World Congress 2017

We are happy to be at MWC 2017 in Barcelona alongside our Pod Group colleagues. On this second day, there are hundreds of exhibitors, presentations, and distinguished keynote speakers. During our time here, we have met many interesting contacts, old and new, and have enjoyed sharing how we can create customized solutions for our client’s complex connectivity needs. Read the Pod blog or follow us on Social Media to keep up with our experiences at the congress! If you are in Barcelona come find and connect with us at stand 7c72j. We’d love to see you!    

We will be at the European OSS/BSS Summit

We will be at the European OSS/BSS Summit (date to be announced) later this year

The conference was to be held early in the year but has been postponed, it is intended to bring together senior representatives from the telecoms industry (fixed line, mobile, internet, mvnos, OTTs), as well as technology & solution providers. The event aims to facilitate networking opportunities as well as high-level peer engagement.

The European OSS/BSS Summit banner