Where Does the Burden of Software Security Lie?
Last weekend, I lost my phone in an Uber. I stepped out of the car, thanked the driver, and went on my merry way. Within seconds, I realized my pockets were lighter than normal, but the driver was already rounding the corner before I could do anything about it.
Thankfully, my friend called my phone and the driver turned around in the nick of time, but my digital life flashed before my eyes in that very moment. Since I hadn’t recently backed up my phone, all my phone numbers would be gone. If anyone cracked my not-so-secure password, how easy would it be to access my mobile banking? What other info would be up for grabs?
Security is continuing to skyrocket in importance as we tie more and more aspects of our personal life to the phones we carry. And it doesn’t stop there—with the Internet of Things burrowing deeper and deeper into our daily lives, we need to understand who has access to our info and how we can best protect ourselves from those who might want to steal it.
At last year’s STARWEST Conference, interviewer Jennifer Bonine spoke with Jeff Payne, the CEO and founder of Coveros, about the growing importance of security and how IoT seemingly changes everything. She pointed toward pacemakers and implanted devices, how that data is dispersed, and people's ability to get and access that data.
As Payne points out, software of that nature is safety critical. And since IoT is essentially a supply chain of software and devices relying on other devices, the actual burden of responsibility can be difficult to pinpoint.
However, Payne argues that whoever is interacting with the consumer is the most liable and responsible. The consumer should demand more, but the consumer himself isn’t the first who should take the blame.
“It all starts with them. What they have to do is really just push back and push down on everything that they buy and demand some level of security of what they purchase that goes into their devices,” Payne explains. “I see it starting at the consumer level and being pushed back down from the person selling those devices to the consumer, to everybody in their supply chain that is providing either software or sensors or hardware systems that support that.”
“They're going to have to set and use standards, security standards, and use security testing guidelines to assure that everything they get is secure. Really they're the ones with the most risk.”
With IoT, there are plenty of cooks in the kitchen. Software needs to talk to other software for everything to work as intended, so while there might be a hierarchy when it comes to security, the most important factor is that everyone involved understands the value of keeping everyone’s data protected.