The tech sector is legendary for hype and I’ve always made it my personal business to question claims about new products entering the market.
My actual business is built on a more clinical and structured version of my attitudes about product claims in this sector: we can prove or disprove if a product lives up to the hype.
So, when a friend and respected technology industry peer, Stephen Fenech editor of Tech Guide, recently posted on his social media about cheap connected lightbulbs, I’ll admit I was more cynical than clinical at first.
Stephen was saying the fact a vendor was now retailing an IoT bulb for $8 meant the technology had essentially become a ‘no-brainer’ purchase. Maybe he wasn’t exactly saying “Stop thinking about whether you need connected lightbulbs and just get them already”, but that’s how I read it the first time.
And because I’m obsessively fascinated with the cyber security of connected devices around us, my first response was a shockingly trigger finger happy (ok, fat fingered iPhone smoodging happy) and disgustingly high horse comment like: “How much security do you get for $8?”, which in hindsight, wasn’t as smart as the lightbulb I was commenting on.
I am very truly sorry Stephen.
Four and a half minutes after I’d dumped that comment onto Stephen’s socials I realised it was so unfair of me to equate price with security levels. After all, I operate an independent test laboratory specialising in technology, and should know better than to trash a product before benchmarking it properly.
Sure, while value can be a benchmark, it needs to be compared objectively to something scientifically measurable, like performance or reliability. Or vulnerability to cyber security attacks.
Just because something is cheap, doesn’t necessarily mean it’s not good. You can’t ascertain just from seeing the price, whether the vendor of the $8 lightbulb employs good security-by-design practices in their product lifecycle.
In fact, just as price doesn’t always signify quality, price doesn’t necessarily indicate the level of cyber security afforded for any product. Indeed, a $40 light bulb could potentially be more insecure than an $8 one.
But there’s no way of knowing whether a connected light bulb (or any piece of tech) is secure until you properly test it. And trust me, a weakness in a product’s security is not something you want to find out the hard way.
So where do purchasers of IoT products go to discover how security compliant their prospective vendor’s product is?
Why thank you for asking (and here’s the plug): we’ve recently established Security Trust Mark (www.iotsecuritytrustmark.org), which offers third-party assessment of products against IoT Security Baseline Requirements.
Those baseline requirements are built on government guidelines and standards bodies’ publications, such as ETSI EN303, and published on the Evaluated Product List. Security Trust Mark is currently in pilot and we’re seeking leading vendors to put their connected devices through their security paces as soon as you’re ready.
It’s going to be very interesting over the coming years to see how the retail cost of products benchmarks with their cyber security. My money is on those that deliver secure products for reasonable value, be it $8 or $40.
