M2M Gateways: The Savior or Nemesis of IoT Security?

by Daniel Mandell | 06/26/2014


The indisputable rise of connectivity prompted by the Internet of Things across industries will spur strong demand for gateway devices to bridge potentially thousands of sensors, machines, or other products per device to the internet or cloud for years to come. Consequently, the gateway has access to a trove of potentially sensitive and valuable data. An M2M/intelligent gateway is therefore a major security asset or liability, dependent on OEMs’ efforts to prevent current and emerging threats from afflicting host networks, or the device itself. Embedded security will be vital to the success of current and future M2M gateway solutions.

M2M Gateway: A compact, flexible class of hardware platform enabling communication between end devices in the field (e.g. actuators, sensors, etc.) and the cloud/internet, with the added functionality and/or flexibility (e.g. multi-standard support) and/or ruggedness of an embedded industrial computer. M2M gateways reside on the edge (i.e. defined boundary) of wired and wireless networks.

Nearly all OEMs we interviewed in support of our upcoming M2M and Intelligent Gateways Market Analysis Report cited data security as a major point of concern. In fact, preliminary findings from our 2014 Annual Embedded Engineer Survey echo this issue; Security Issues are cited as being the most challenging aspect of introducing embedded cloud services through M2M gateways.

Gateway Security Exhibit 062614

Gateway OEMs are implementing a number of technologies and standards within their products to ensure end-to-end data security for end users. For example, Eurotech’s ReliaGATE gateways come standard with support for encryption protocols like 3DES, AES, IPsec, and SSH. ILS Technology’s M2M Asset Gateway platform enables role-based security controls that allow users to segregate asset access in addition to the resources within each asset. Sufficiently addressing the vast array of security threats will require a multi-pronged approach by OEMs on various levels of the gateway solution stack – not only digitally but physically as well in some deployments.

As the IoT continues to spread, so too will the rise in the number of different types of attacks and malicious software. OEMs of M2M gateways will need to ensure proper security of their devices pre- and post-deployment. Over-the-air updates are a fundamental requirement of today’s M2M gateways to ensure protection throughout the lifetime of the device. Embedded security requirements are greater in some vertical applications than others, but all must meet basic protocols to merely ensure network uptime – if nothing else. Security is a major concern for the IoT, and OEMs will be held accountable for breaches and other intrusions on their devices.