Evans Data Finds Vast Majority of IoT Developers Optimize Projects for Security

In 2018, a vast majority of developers are paying much more attention to security issues, according to a recent survey. Evans Data Corp’s latest IoT and Mobile Development Survey found 80% of developers working on IoT projects – especially that also involve mobility -- optimize for security. IDN speaks with Evans Data’s Director of Research, Michael Rasalan.

by Vance McCarthy

Tags: Evans Data, developers, IoT, mobile, security,

Michael Rasalan, Evans Data
Michael Rasalan
director of research
Evans Data


"For developers, the very nature of IoT demands more attention from the security standpoint."

Mobile + IoT Summit
Your Guide to Building the Connected World
An Online Conference

In 2018, a vast majority of developers are paying much more attention to security issues, according to a recent survey by Evans Data Corp.

 

The company’s latest IoT and Mobile Development Survey, released in July, found 80% of developers working on IoT projects – especially that also involve mobility -- optimize for security.

 

“As IoT moves from PoC to commercial deployments, we expect that malicious actors will be drawn to these deployments, as they would be to any other platform that can be a vector for intrusion,” Evans Data’s Director of Research, Michael Rasalan told IDN. This is especially true, “since there’s just more applications for IoT in the wild,” he added.

 

We asked Rasalan whether this intense level of attention on security by developers marks a shift in how programmers design and build IoT projects.

 

“For developers, the very nature of IoT demands more attention from the security standpoint, particularly because these devices are all transmitting or recording data in real time. Much of this data can be proprietary or personal, and as commercial data is exposed or shared via connected devices, more scrutiny is required,” he said.

 

That said, because IoT projects typically use a combination of mobile, cloud and data, developers have long been involved with security, Rasalan added.

 

“Historically, we’ve found that for IoT, security data in transit has been particularly important for developers. This includes issues at the network level, or in the cloud, as well as potential data storage compromises. This doesn’t mean developers aren’t focused on other areas, but these certainly get a lot of attention from them,” he said.

 

Increase in Focus on IoT Security Comes as 70% of Developers Report Breaches

Evans Data survey also reported that more than 70% of those working with IoT systems report they have suffered some kind of security breach within the past year.

 

While the Evans Data survey does not provide specific accounts of these data breaches, there were general trends in security breaches Rasalan could highlight. “Historically, we’ve found that developers are most threatened by data breaches that result in intellectual property theft, or come from cyber-crime syndicates, and cyber-warfare from rogue actors and nation states. So these attacks are not just limited to DDoS events,” he told IDN.

 

Evans Data also noted that the widespread nature of such attacks has prompted those working on IoT to “to scrutinize their security systems.” 

 

We also asked Rasalan whether developers were happy with off-the-shelf products for such IoT security reviews – or whether they were looking for more custom or home-grown ways to assess their IoT security.

 

This depends on the type of IoT project, Rasalan said, as well as the how deeply involved the developers are in the actual IoT design architecture.

 

“Adding various types of authentication is critical,” he said. In fact, the report noted Authentication is proving to be a “critical component,” of any security system for IoT projects. Evans data found with 78% of IoT developers reporting they currently use device-to-device authentication. Further, 59% use device-to-service authentication. 

 

Beyond the device connection, for authenticating or authorizing connectivity to a centralized service (cloud, edge, etc.) the survey found developers are most likely to use Secure Remote Password Protocol (47%) or Constrained Application Protocol (37%).

 

Even for developers not so involved in creating the actual IoT architecture, security still is a major focus, Rasalan noted.

“There are those developers who work with the tools and protocols that are built into the IoT platform they are using. There are also developers whose companies actually create their IoT hardware and create a detailed spec for the architecture,” he said. These developers too, are paying a lot of attention to security issues.

 

Evans Data found that “biometric authentication” is among those IoT technologies enjoying growing popularity to secure those IoT projects with a human machine interaction.

 

“While it’s clear that IoT has a very compelling need for security optimizations there are also new advances that help developers secure their connected device projects,” added Evans Data CEO Janel Garvin. More than 25% of IoT developers now use biometric authentication, with another 40% working on projects that are planned to have that capability, Garvin added.

 

“Biometrics is certainly a popular means of securing devices when we’re talking about applications that have a UI that requires human interaction,” Rasalan said. “In another domain, IoT machine-to-machine projects – those that don’t require human interaction - use other means of protection, including a range of data encryption, both on the devices themselves, at the backend – and in transit,” he added. 

 

Evans Data’s Mobile and IoT Development Survey explores developers’ activities and perceptions surrounding Mobility and Internet of Things. In addition to security, other focus areas include demographics, development approaches, platforms, enterprise development, AI, machine learning and more.




back