The Transportation Security Administration is perhaps the last place you’d expect to find words of wisdom pertaining to the internet of things. That being said, just like with airport safety, when it comes to IoT, security really is everyone’s responsibility.
In the tech world, this necessitates that teams building connected products are in lockstep on cybersecurity. The challenge of marching in this formation depends a lot on the product being developed. A simple sensor thats sole function is to transfer data to the cloud is much easier to secure than, say, a Wi-Fi-enabled police body camera or a public safety drone with live-streaming capabilities. The latter challenge is what Jenner Holden, Chief Information Security Officer at Axon, and his team are working on.
Axon develops an ecosystem of cloud software and devices designed to enable safety leaders to protect life. Given that the company’s products are designed to both capture video and data from emergency situations and transfer it to the cloud, information that may later be used in court cases, Holden and his team have a heightened interest in keeping Axon’s products safe from hackers.
Built In Seattle recently had the chance to speak with Holden to unpack how complex IoT devices pose complex security risks along with what teams need to consider when building these products.
What are the biggest security issues currently facing IoT systems, and how can technology teams protect against them?
Axon’s mission to protect life demands we get security right. Complexity is one of the key reasons that IoT systems are notoriously difficult to build and maintain securely. The typical IoT device needs to “get security right” for hardware interfaces, low-level firmware, wireless interfaces, local storage, encryption implementations, mobile application connections, cloud API connections, local web applications and more.
Often, this means that many different development and product teams need to be in sync on the security objectives and trade-offs, development standards, success criteria and testing protocols starting very early in the development lifecycle.
