Are M2M Communications Secure?

Kathryn Weldon
Kathryn Weldon

Summary Bullets:

  • If M2M grows the way the ecosystem hopes it will, there will be millions and even billions of end points sending continuous (as well as more sporadic) data across wired and wireless networks, including proprietary and mission-critical pieces of information about customers and businesses
  • What are operators, systems integrators, and security software and services specialists doing about this? Why doesn’t security seem to be discussed as openly as other M2M requirements?

When holding briefings with operators involved in M2M, security and privacy issues come up occasionally. Generally mobile operators offer APNs, which means that an M2M device is connected to the customer’s private IP network or cloud rather than directly to the carrier’s wireless network or the public internet. This provides a level of built-in network security but doesn’t deal with breaches that come through a corrupted end-point.  Nor does it always prevent unwarranted or malicious access to data behind the firewall. Adding encryption to sensors or other low-end M2M endpoints let alone putting it in a chipset or module may be overly expensive, as is adding end to end encryption to the entire data flow in between the “machine” and wherever the collected data is being sent. SIM cards within embedded modules generally have some level of built-in authentication, but how about application security, device OS security, or the kind of proactive security practiced routinely for remote laptops and mobile devices such as frequently updated anti-virus/spam/denial of service software, intelligent threat detection, and all-purpose managed security services?  Continue reading “Are M2M Communications Secure?”