Smart homes — residences powered by connectivity and the cloud — are exploding in their proliferation. Statista’s statistics predict the number of homes in the U.S. with “smart appliances” will jump from roughly 15 million today to 37 million by 2022. And that’s only appliances. Throw in lighting, security, and home entertainment connectivity, and that number leaps to 56.7 million households by 2022 from 17 million today. That’s a lot of connectivity — and vulnerability. But it’s also a lot of opportunity for MSPs that can find a profitable path to protecting residential customers.
Last week, Smarter MSP examined what looks set to be a growing a trend among MSPs: residential managed services. The question then becomes how to offer affordable, scalable services to a residential customer whose connectivity resembles an SMB but whose needs and usage differ considerably.
The answer will come from consumers, says Ted Harrington, executive partner in the San Diego office of Baltimore-based Independent Security Evaluators.
Blender becomes a bot
For those concerned with identity theft and fraud, Harrington tells Smarter MSP, the biggest issue is storage of sensitive documents, such as tax returns, on platforms accessible on the same network as other connected devices.
“As most homes are set up without any segmentation, an exploit of one device generally provides an attacker a foothold in the home network from which to pivot and access other devices, such as storage,” Harrington says.
For those concerned with privacy, Harrington says, anything with video or audio capture might be an issue.
“Research has shown that in both exploits of unintentional functionality as well as systems purely operating as intended, private conversations within earshot of voice-activated personal assistants have been recorded,” Harrington says. There was a well-publicized case recently of Amazon’s Alexa sending a — thankfully innocuous — private conversation to the owner’s employer.
But, ironically, the biggest danger of home-based connectivity may not be the home.
“Attackers have shown some interesting creativity in exploiting devices to use them in a botnet to attack a large corporate target,” Harrington says, citing the Dyn attack in 2016 in which hackers mobilized people’s baby monitors and home security devices to attack Dyn from millions of IP addresses. The denial-of-service attack brought down such popular websites as Pinterest and PayPal.
So, an unsecured symphony of home appliances and devices may all become an unwitting part of a malware army.
“As most homes are set up without any segmentation, an exploit of one device generally provides an attacker a foothold in the entire home network” @SmarterMSP
One size doesn’t fit all
One of the biggest challenges for MSPs hoping to move into residential services is that the security needs are different than an SMB’s. So, simply sliding the same strategies from the SMB market to home customers doesn’t work.
“The solution may be similar, but the issue is different. The change here is that IoT is a new vulnerability that affects everyone’s homes,” says Juan Mora Zamorano, an independent IT and security consultant in Madrid and former home project manager overseeing home security for Spanish telecom giant Telefonica.
“Small businesses, in most cases, already have security in their infrastructure. The new home-to-IoT security infrastructure must be simple, self-managed, and transparent to the end user. It should only notify security issues along with a simple contingency plan to solve it,” Zamorano says.
In other words, most homeowners want simple solutions. But, simple isn’t always easy when the IoT landscape is changing almost daily.
“There are thousands of possibilities. New IoT developments come out every day,” Zamorano says, with the trend, unfortunately, being to develop first and worry about security later.
Meanwhile, the IoT at home will proliferate into a cornucopia of connectivity, and that will continue to highlight home network security as a concern, Zamorano says.
The future of residential managed services
Zamorano says that as the IoT takes hold in homes, the home network will be secured from the inside, most likely in the router and through WiFi hotspots. And, a double layer of protection can be added from the router to the telco provider.
“Telcos are also interested in keeping their customers secure and happy,” Zamorano says.
Right now, home network security is a bit of a jump ball, and whoever comes up with the best solutions wins.
“The leads to sales will grow exponentially for them or whoever provides the home network security,” Zamorano says.
And that is definitely something for MSPs to consider.