The growth in smart devices, particularly in the smart home, is explosive and it seems now that every household device has some built-in smart capabilities. We have the choice of smart light bulbs, smart speakers, smart TVs, smart security systems, smart household appliances, smart heating systems — and the list is constantly growing. These smart devices bring many advantages to our homes and daily lives. Smart heating systems allow us to better manage our energy usage, which is increasingly critical during the current energy crisis and to help us tackle climate change. Smart security devices give us better peace of mind that our homes and loved ones are secured. Smart entertainment systems enable us to better choose how we enjoy our personal time. IoT devices make our daily lives simpler and better organized.
If you are like me, you probably didn’t spend the lockdowns during the pandemic learning to make sourdough bread but instead took that time to improve your home by using smart devices. I ran several projects in upgrading various systems throughout our home and am now enjoying reaping the benefits of that work.
However, one thing that did frustrate me during my various IoT and smart device projects was the difficulty, and in some cases inability, to interconnect different devices from different vendors. As with all things in life, you want to use the solutions that best fit your needs. In many cases that may not be provided by one vendor, so you invest time and money in installing what you believe is the best solution for that particular need. But you may have discovered later that the various smart systems do not interconnect, or if they do, it is a very time consuming and frustrating process, and even if you are successful, you still end up with many different apps or systems to manage the different vendor smart devices. Then there is the inevitable problem where one vendor updates its software or firmware, resulting in having to reintegrate the systems again.
So it is with great interest that I learned about a new protocol standard for the interoperability of smart and IoT devices. This protocol, was developed by the Connectivity Standards Alliance (Alliance) as an open-source standard to enable manufacturers develop their products so they integrate and interoperate with each other seamlessly. With the introduction and adaptation of Matter, gone will be the days of trying to work connect different smart systems to each other using complex APIs or configuration steps. Gone will be the days of providing your log in details from one smart device vendor’s platform to another. And gone will be the days of troubleshooting why your smart home or office environment no longer works due to an update or upgrade to one of the systems you use. Matter will simply eliminate that pain and provide consumers with the ability to choose the best smart system for their requirements rather than being locked into a specific vendor’s solution due to compatibility concerns.
As a self-professed geek, and someone with a strong interest in security and privacy, I’m excited about Matterfor its focus on those areas. introduced the maxim 23 years ago that “complexity is the worst enemy of security,” and this still rings true today, particularly in the area of smart devices. The introduction of Matter will significantly reduce the complexity of smart systems in the home and the workplace allowing for better security and protecting our privacy.
To ensure the security of smart devices, each Matter device employs its own unique Device Attestation Certificate (DAC) which verifies that each device is genuine and has been issued by the manufacturer. Each DAC is managed as part of a secure cryptographic chain, using Public Key Infrastructure (PKI) to enable secure communication between devices using encryption. Matter also ensures software updates are from digitally verified sources and that software and device integrity is assured using certificate-based signing.
The development and introduction of Matter has been relatively ignored by many of us working in the areas of enterprise and corporate security. After all, smart devices are not our concern, and this is mainly an issue for home users. I beg to differ, and I believe Matter will have a big impact on enterprise security.
We simply need to cast our minds back to the introduction of bring your own devices (BYOD) into the corporate network. In the majority of cases, it was not the IT department or the CISO who championed the connecting of personal devices, such as smartphones and tablets, to the corporate network. Instead, it was the business users who pushed and demanded that they could access email and other business resources from their personal device.
Similarly, I foresee business users and leaders looking at the area of smart systems to enhance the workplace and introduce productivity gains. Smart CCTV cameras may need to be connected to the corporate network so they can integrate with your SIEM to verify that the user logging into the system from their desk is really that person rather than someone who knows the user’s password. Organizations will improve their manufacturing processes by introducing smart devices and IoT solutions into the production line, which in turn will need to be connected to the Enterprise Resource Planning (ERP) system to ensure parts and materials are ordered in time.
Many regulators are starting to identify the potential security threat posed by IoT to our critical infrastructure and are introducing laws and regulations to ensure the security of those systems. In the summer of this year the came into effect. Part of that act is the requirement for vendors to ensure the security of IoT devices which could be facilitated by Matter.
Matter is a huge step in not just improving security for those employing smart devices in their homes, but it is a protocol that corporate security professionals need to become familiar with so that they can provide value to the business by supporting the introduction of smart devices and IoT solutions to the enterprise.
Hopefully one day the Matter symbol will become as recognizable as the WiFi symbol, so that we can all be confident that the systems we install in our homes, our business or our critical infrastructure will meet a recognized and approved standard for security and interoperability.