The M2M problem that could scare IT departments off

ABI Research sees potential in machine-to-machine communication, but if the industry doesn’t start addressing a particular area of security it could remain a niche play

Share this article:

Machine-to-machine (M2M) networking underpins such grand web concepts as hyper-connectivity and the Internet of Things. But according to ABI Research, M2M’s advancement faces a fundamental flaw.

M2M encompasses a range of applications that connect computers for direct, machine-to-machine communication. Examples include residential smart meters that link with utility companies’ billing systems, ATMs connected with bank management software, and medical equipment that communicates with smartphones and tablets so doctors and nurses can monitor patients remotely.

The M2M market is relatively niche at this point, but ABI predicts it will grow to $198 billion by 2018. The research firm also warns that without better security at the application level, M2M won’t develop as quickly or broadly as it could.

ABI says M2M security fails to meet most corporate standards. According to senior cyber security analyst Michela Menting, network-based security mechanisms help safeguard M2M, but “security at the application level is slow to develop.” She explains that a “consistent lack of interoperability” across M2M software hampers application security advancements.

Menting points out that network security software such as firewalls and identity management systems play important roles in protecting M2M. Application security is even more important, since M2M often involves sensors and devices that are spread out over large geographic areas. This distributed architecture makes centralized network security less effective and increases the number of potential vulnerabilities.

Application-level protection is critical. Yet M2M developers usually don’t incorporate the mechanisms required for distributed security. As Menting says, “M2M devices themselves are generally left unsecured and, as they increasingly connect to enterprise backbones, such exposure poses a risk, providing a vulnerable back door into the network.”

She adds: “Although M2M threats are still few and far between, security researchers have been exposing vulnerabilities in M2M applications for some time. These affect a range of sectors including automotive telemetry, access controls, industrial control systems and medical devices.”

ABI argues that if the M2M sector doesn’t improve its security stance, market growth might stumble. IT managers could decide the technology isn’t ready to support essential, often security-sensitive applications within their organizations.

Certain M2M companies are addressing this problem. Richmond, B.C.-based Sierra Wireless, for instance, builds security deep into its AirVantage Enterprise Platform, which provides access to machine data through standard, secure APIs. According to Menting, “the company provides an end-to-end security chain from the service user on the web client to the ready agent where the module is hosted. The chain applies authentication, integrity and confidentiality through software signatures.”

The M2M market may yet reach its full potential. If the rest of the industry doesn’t get serious about security, however, IT decision makers may eschew the technology. Instead of ushering in the next generation of networking capabilities, M2M systems vendors will find themselves wondering what might have been.

While you’re waiting for M2M to mature, prepare your organization for what’s ahead. Download ‘The Converged IP Network: Your Future Productivity Depends On It,’ An Allstream white paper.

Download_whitepaper_button_orange

 

Share this article:

Trackbacks/Pingbacks

  1. M2M Insecurity Could Hinder Growth | The Security Ledger - May 9, 2013

    […] Click here to view original web page at blog.allstream.com […]

  2. An AppSec Speed Bump On The Road To The Future - May 23, 2013

    […] However, the development of the M2M market may be constrained by what ABI calls a “consistent lack of interoperability” between devices with M2M interfaces, and a lack of application level protections. “M2M devices themselves are generally left unsecured and, as they increasingly connect to enterprise backbones, such exposure poses a risk, providing a vulnerable back door into the network,” wrote ABI researcher Michela Menting in a report. […]

  3. Application Security News, Research, Trends - Veracode Blog - February 20, 2014

    […] However, the development of the M2M market may be constrained by what ABI calls a “consistent lack of interoperability” between devices with M2M interfaces, and a lack of application level protections. “M2M devices themselves are generally left unsecured and, as they increasingly connect to enterprise backbones, such exposure poses a risk, providing a vulnerable back door into the network,” wrote ABI researcher Michela Menting in a report. […]