Securing an open-source OS for IoT

These days many operating systems for Internet of Things devices include an open-source license, but vigilance is needed to adequately protect the attack surface.

An ESG survey has indicated 38% of storage decision makers expect IoT workloads to drive on-premises storage spending increases over the next two years. Some 33% of respondents expected cloud spending increases.

The trend means that Internet of Things (IoT) is increasingly finding its way into the chief executive’s itinerary, as part of a renewed emphasis on cybersecurity protection and data security.

A slide deck prepared for IoT World Today by Chris Sherman, senior analyst for cybersecurity at Forrester, suggests around 37% of cybersecurity decision makers believed the greatest operational peril came from embedded IoT solutions in assets or operations, while 33% must contend with protecting embedded IoT in their products.

Going forward, it’s crucial for businesses to integrate open-source environments like Linux effectively, while avoiding security pitfalls that could jeopardize their data security.

:“The operating environment plays a key role in the management of these workloads,” said Paul Nashawaty, senior analyst at ESG Global. “Data growth from these workloads needs to be managed, but how IT vendors address this growth will be determined by the integration of the systems.”

Cybersecurity has been a threat for open source Linux systems. While the nature of the threat fluctuates over time, the incentive for attackers is arguably greater as connected devices have now become ubiquitous and provide a larger attack surface.

On the one hand, the global installed base of IoT devices is set to reach 46 billion by 2021, according to Juniper Research, and that increases the overall attack surface. But there are also a larger number of devices per network. This provides economies of scale to the value of stolen cyber goods. As it takes longer to hijack all nodes in the typical IoT network, multipronged cyber-marauders such as botnets might face something of an opportunity cost, Nashawaty said.

As IoT is pervasive, so are the dangers. One risible fiasco emerged in tech media reports four years ago, when a U.S. casino chain suffered a personal data breach from one of its internet-connected fish tanks.

The potential for breaches with reverberating effects will grow as a deluge of data is anticipated from more advanced IoT data sources, such as artificial intelligence and high-risk security footage.

Already away from the IoT sector there are cases of major firms suffering reputational damage. Nashawaty said: “[The risks include] compromised devices becoming part of a botnet, up to and including data loss. There are definite examples I’ve been given where data exfiltration has occurred via connected devices such as phones or printers.”

Safety First For Your Open Source OS

When selecting a distribution to run on IoT devices, it’s best to opt for open source IoT configurations that are specifically tailored to this environment. It’s also helpful to have the budget to back up your intentions and hire IT specialists that can keep the open source environment running smoothly.

To read the complete article, visit IoT World Today.