As the Internet of Things grows, anxieties over enterprise and consumer security understandably grow with it. The basic question is a reasonable one: how can we ensure this surge in global connectivity delivers the benefits and efficiencies it so credibly promises, without simply opening up countless new points of attack for cybercriminals?
The answer is for leadership to come from those whose proficiency and livelihoods are immersed in, and dependent on, precisely this question. As providers of the glue which holds the IoT together, the mobile industry has a natural interest in ensuring that the edifice is sound, and that those entering it are confident in doing so. Without consumer trust, the IoT cannot happen – and trust is earned.
So, what better illustration of the industry’s capacity to build trust in the IoT, than that it is already doing so? The GSMA IoT Security Guidelines – a comprehensive set of best practices for the secure design, development and deployment of IoT solutions – are testament to that success. First published in 2016, and updated to keep pace with the IoT’s development, these represent the industry’s enduring commitment to ensuring rigorous adherence safeguards are observed, and consumers are protected. The Guidelines cover not only services and endpoint ecosystems, but networks themselves, and are underpinned by a structured IoT Security Assessment to ensure effective compliance. Developers, manufacturers, service providers and operators themselves share a common interest in achieving a secure IoT for their customers, and this is how they pursue it. This pragmatic and collaborative approach is central to the ethos of the mobile industry, which has recently underscored its commitment to ethical business practices following the launch of the GSMA’s ‘Digital Declaration’.
A common understanding of fundamental issues like security is essential to growth – and operators, with their partners in the vertical industries, have made plain their recognition of this. One leading operator, for instance, integrates the Guidelines into their request-for-proposal processes, to ensure awareness and compliance among their industry partners; in this way, entire ecosystems and supply chains operating in the IoT are being made more secure by the mobile industry’s own initiative. Recognition has been achieved too from those without a commercial stake – throughout 2018, we saw widespread backing of the Guidelines from standards bodies and indeed governments. In March, at the GSMA’s seminar ‘Creating a Connected and Secure Future’, the GSMA IoT Security Guidelines received backing from NIST and ENISA, and, later that month, were endorsed by the UK Government in its IoT guidance report ‘Secure by Design’. The ground is now well prepared for the coming explosion in volume of IoT devices and services.
That this common approach has been successful is laid out in the GSMA’s Security Champions report, bringing together input from leading operators on how this flexible framework has been able to address security concerns across the diversity of the IoT. With this latest publication, the mobile industry clearly demonstrates that it can help to provide the assurance upon which the IoT itself relies – protecting enterprises and consumers alike.