Poor Quality – Internet of Things Devices Vulnerable to Attack

Every day I come across news headlines and stories about security breaches and how personal and sensitive data becomes public on the web or is used without knowledge and authorisation. It seems that the security of devices, networks, and data is just too difficult, complex and costly to deal with at all levels. Businesses and technologists are continually doomed to repeat past security mistakes and even ignore and not act on good advice when it comes to security.

As with all new technologies and innovations, there is a sense of urgency and haste to get to market first even when the product and/or service is not fully market ready. There is even a business philosophy based on the view that you only need a “minimum viable product” to start making a profit, which implies “near enough” is “good enough”. This philosophy is self-evident in the large number of “beta” sites, applications and devices that we have been seeing introduced by agile startups and overexcited entrepreneurs in the world of “The Internet of Everything”.

I am not against rapid innovation and people making a profit, but I am a very passionate critic of poor quality products and services that were developed with short cuts to satisfy a cultural and emotional need for instant gratification with new technologies and passing on the implications of those shortcomings onto the buyer and consumer to accept without knowledge.

Poor quality products and services are everywhere and especially prevalent in the technology domain. Software bugs, unreliable internet services, poor phone reception, batteries that go flat quickly, and so on. This is why we also need strong consumer protection laws and regulations. Poor quality shows up after the purchase when we use the product and/or service. But with some products and services, such as IoT devices and the services they connect to, poor quality may not be so obvious and transparent given the digital nature of the “things”.

When Hewlett Packard released its “2015 Internet of Things Research Study”, they reviewed 10 of the most popular devices and their respective connected services in some of the most common IoT niches. It came as no surprise to me that they reported that 80% of devices reviewed raised serious privacy concerns due to security vulnerabilities. If you want to know more about privacy and risks, then read my blog post “Best Research Paper for Understanding Privacy Risks We Face”.

However, what did surprise me was that the vulnerabilities they discovered were all familiar and common ones in the IT industry that can simply be addressed by design. Here is a summary of what these were:

  1. 80% failed to require passwords of sufficient complexity and length.
  2. 70% did not encrypt communications to the Internet and local network.
  3. 60% raised security concerns with their user interfaces.
  4. 60% did not use encryption when downloading software updates.

The Open Web Application Security Project (OWASP) publishes and maintains a top 10 vulnerability and controls list so there is no excuse for product developers to not address security in the design of their products and services when the information is readily available and known.

If technology product developers and businesses continue to take short cuts and offer poor quality products and services, it is only a matter of time before privacy breaches occur and the buyers and consumers who are impacted will seek significant compensation via regulatory bodies and the courts. It’s time to take note!

About Louie

I have actively been interested and working in electronics, technology, computing, and scientific research for many years both as a practicing enthusiast and advanced maker, and in my professional career as an Experimental Scientist, Technology Manager, and IT Consultant. There are many insights I have gained over the years; however, my failures have been my biggest source of frustration and learning.

I created the “Research Lab Notes” site to capture and share my thoughts, discoveries, resources, and showcase my projects with people who share the same passion for learning and innovation.

While I will make every effort to keep this blog simple and interesting, I will from time to time be blogging about advanced and complex topics because of my deeper interests. I hope you will find something of interest and more importantly learn something of value.
