And as these connected devices make their way into our lives, we’re starting to see a significant impact — both good and bad.
Exposing the Potential Security Vulnerabilities of IoT Devices
I recently had my own encounter with the IoT when I decided to buy a few webcams for my house, and it was eye-opening to say the least.
When I began researching my options, the same comments kept appearing over and over again in reviews for many of the cameras. People pointed out some privacy issues with the cameras, with several saying they returned them because they didn’t want to agree to the terms and conditions, which gave the manufacturer access to any data collected by the cameras.
Now, if these terms and conditions weren’t worrisome enough, recent research revealed that half a million smart devices in Barcelona (including webcams and baby monitors) were vulnerable to cyber attacks. Not only were they vulnerable, but several parents reported instances of hackers taking over their baby monitors.
Putting the Security of IoT Devices Into Perspective
The webcam stories expose serious security flaws in IoT devices that must be addressed. Many of us now have connected homes and offices, and while that connection certainly makes life easier for us, there’s a lot of complexity behind the scenes that we don’t even think about. IoT devices do so many things from an architectural standpoint — connecting to WiFi, storing data in AWS, charging our credit cards and the list goes on — that we now take for granted.
However, as these connections continue to deepen, so do the security risks: the more connections each device has, the more points of entry it provides for hackers to access user data.
Software Testing in the IoT Era: Preparing for a New Ballgame
As the number of IoT devices continues to grow, the potential security vulnerabilities will too. As a result, how we go about testing this connected software needs to change. And this change needs to happen sooner rather than later.
Specifically, here are three critical ways you need to evolve how you approach testing in the IoT era:
1) Introduce Continuous Security Testing
One reason the IoT is so vulnerable to security attacks is that, with so many points of connection and so much going on within those connections, it’s very easy to lose sight of what poses a security risk and what doesn’t. But as we move deeper into the IoT era, this needs to change, and continuous security testing will be key to making that happen.
Most of the time today, testing teams do security and load testing at the very end of the development process after completing all unit and functional tests. But when you do security testing at the end, it becomes an extra step rather than something that’s critical throughout. For the best security model, testing teams need to bake security testing into the software development process so that it occurs earlier and more often.
This type of continuous security testing will only become more important as the rate of change for IoT software picks up speed. A recent survey of Fortune 500 CEOs found that the rapid pace of technology change and cyber security are the top two concerns among CEOs, and these two concerns definitely play into one another in the IoT era. That’s because as development teams begin to move incredibly fast and software becomes more interconnected, it’s much more difficult to see all of the protocols in place and pinpoint weaknesses. As a result, continuous security testing will become increasingly critical to helping security keep up with the pace of change in software.
2) Figure Out What You Don’t Need to Test
With all of the various systems and connections the IoT introduces, there’s clearly a lot to which you need to pay attention when it comes to testing. As a result, when you combine the need for more continuous security testing with the imperative to increase speed of delivery, it’s often just as important to figure out what you don’t need to test as it is to figure out what you do need to test.
Determining what you can leave untested in each release without sacrificing security will help minimize concerns around maintaining proper test coverage and alleviate pressure around tight deadlines.
As you think about which areas of the software you don’t need to test with each release, look for protocols that have already gone through security testing and will remain the same for the next few releases. If you can identify areas like this, you will have a much easier time prioritizing your test plan to meet aggressive security and timeline goals.
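One way to make that decision repeatable, as an added example that is not code from the original article: fingerprint each component, compare it with the fingerprint recorded at its last security test, and skip only what is unchanged and does not rely on anything that changed. The component names, sample sources, dependency map and the function plan_security_tests are all hypothetical.

```python
import hashlib

def fingerprint(data: bytes) -> str:
    """SHA-256 of a component's source, used to detect any change."""
    return hashlib.sha256(data).hexdigest()

# Constructed sample release: component name -> current source bytes.
SOURCES = {
    "wifi_provisioning": b"join network v1",
    "cloud_upload": b"upload frames v2",      # modified in this release
    "payment": b"charge card v1",
    "video_pipeline": b"encode frames v1",
}
# Constructed baseline: fingerprint recorded when each component last
# passed security testing. video_pipeline has never been tested.
BASELINE = {
    "wifi_provisioning": fingerprint(b"join network v1"),
    "cloud_upload": fingerprint(b"upload frames v1"),
    "payment": fingerprint(b"charge card v1"),
}
# Constructed dependency map: component -> components it relies on.
DEPENDS_ON = {"cloud_upload": ["wifi_provisioning"], "payment": ["cloud_upload"]}

def plan_security_tests(sources, baseline, depends_on):
    """Return {component: decision}; only provably untouched code is skipped."""
    plan = {}
    for name, data in sources.items():
        if name not in baseline:
            plan[name] = "retest: never security tested"
        elif baseline[name] != fingerprint(data):
            plan[name] = "retest: changed since last security test"
    # An unchanged component is still exposed if something it relies on
    # changed, so propagate retest decisions until nothing new is added.
    grew = True
    while grew:
        grew = False
        for name in sources:
            if name in plan:
                continue
            hit = [d for d in depends_on.get(name, []) if d in plan]
            if hit:
                plan[name] = "retest: depends on " + hit[0]
                grew = True
    for name in sources:
        plan.setdefault(name, "skip: unchanged since last security test")
    return plan

if __name__ == "__main__":
    for component, decision in plan_security_tests(SOURCES, BASELINE, DEPENDS_ON).items():
        print(f"{component}: {decision}")
```

Here payment is byte-for-byte unchanged but is still retested because the upload component it relies on changed; only wifi_provisioning is safe to skip.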
3) Improve Your Test Automation Strategies with Service Virtualization
One of the most important factors to success with test automation is to have an environment that’s as close to the production environment as possible. Achieving this goal is difficult in the IoT era because it isn’t often that all of the interconnected systems on which IoT apps rely are readily available for testing. Unlike a simple web page that only requires a few protocols to be up and running, the interconnectedness of the IoT means that a lot needs to be working to get a proper testing environment in place.
As a result of this challenge, service virtualization, or a production-like virtual environment, is a must. While the virtual environment might not be the exact same thing as the actual environment in which the software will exist, it will likely be the closest thing your team can get before moving the software into production.
Having a strong service virtualization strategy is critical for the IoT era because without one, you’ll either face regular bottlenecks waiting on every necessary protocol to test one change or, if you don’t wait, you’ll lack confidence in the security of each release.
The IoT Has Arrived and QA Practices Must Evolve Accordingly
There’s no doubt that the IoT era has officially arrived. And while that’s an exciting prospect, it brings with it a myriad of security risks. In order to mitigate these risks and help users safely enjoy the benefits of the IoT, software testing teams must evolve their QA practices to include continuous security testing, improved test prioritization and reliable service virtualization.