Openness and Security Thinking Characteristics for IoT Ecosystems

Abstract: While security is often recognized as a top priority for organizations and a push for competitive advantage, repeatedly, Internet of Things (IoT) products have become a target of diverse security attacks. Thus, orchestrating smart services and devices in a more open, standardized and secure way in IoT environments is yet a desire as much as it is a challenge. In this paper, we propose a model for IoT practitioners and researchers, who can adopt a sound security thinking in parallel with open IoT technological developments. We present the state-of-the-art and an empirical study with IoT practitioners. These efforts have resulted in identifying a set of openness and security thinking criteria that are important to consider from an IoT ecosystem point of view. Openness is considered in terms of open standards, data, APIs, processes, open source and open architectures (flexibility, customizability and extensibility aspects), and security thinking is tackled from a three-dimensional point of view (awareness, assessment and challenges) that highlights the need to develop an IoT security mindset. A novel model is conceptualized with those characteristics followed by several key aspects important to design and secure future IoT systems.


Introduction and Background
The Internet of Things (IoT) market is predicted to grow from an installed base of 20 billion devices in 2017, to 30.7 billion devices in 2020 and 75.4 billion in 2025 [1][2][3]. Within less than a decade, a new infrastructure for online sociality and creativity has emerged, which forms a new layer of the digital infrastructure, through which people have started to organize their lives. Such infrastructures are becoming new digital ecosystems where different platforms and devices influence human action and interaction not always with the best output [4]. However, as our dependency on digital ecosystems increases that include Artificial Intelligence (AI) and Machine Learning (ML) techniques, together with the number of devices and people getting connected to these ecosystems, the responsibility to provide the right security and privacy measures becomes a serious concern, which we must not take lightly.
Currently, proprietary technologies, e.g., industry standards for communication, have been extensively deployed throughout multiple IoT systems and devices, and often they are closed and fragmented [5,6]. In the smart living domain, this was for instance demonstrated by Nikayin et al. [7] who, in their review of service platforms (these can be seen as hardware, software, network infrastructure or a combination of these [7]), indicated that the majority of service platforms intended for the smart home are closed, allowing access to information only by platform providers. Furthermore, fragmentation exists, as it is challenging to maintain platform compatibility, when adaptation, evolution and security are the main characteristics that should portray the IoT systems.

Information 2020, 11, 564
For IoT practitioners to build systems in a more standardized way, there is a need for an open approach [6]. Big industry actors (such as Samsung) have already announced the need "for greater openness and collaboration across industries to unlock the infinite possibilities of the Internet of Things" [8]. Openness is usually characterized by transparent access to information and other resources and by collaborative participation; after all, it is about opening up [9]. Openness is a de facto trend in the IoT domain, whereas its interpretation relies on the views of different stakeholders and their domains [10]. Moreover, values of openness via Blockchain smart contracts are particularly encouraged, as they can help reduce surveillance threats while improving trust in IoT ecosystems [11].
Openness in IoT systems offers a multitude of benefits [10], but security is never assured [12,13]. Security and privacy goals are at the top of the agenda for the industry, yet a growing number of smaller IoT vendors, typically startups, whose core competence does not focus on security, brings a bigger challenge to setting up a secure IoT infrastructure [14][15][16]. As an example, if a traditional hardware manufacturing company enables internet connectivity on their product, they can accomplish this with a small group of software developers. However, they might not necessarily have the security expertise and budget allocated to conduct security processes such as threat modelling, risk assessment and security audits. This can result in poor quality and insecure systems that could be relatively easily exploited by hackers due to several security vulnerabilities they may contain [17,18].
Today, we should strive to develop IoT technologies with the right mindset where security and privacy should be key. Highlighting the inevitable presence of IoT, in this study, the goal is to prioritize openness and security as mandatory characteristics for the IoT ecosystems. In this paper, we propose a model for IoT practitioners and researchers on how to use security thinking in parallel with open IoT technological developments. This paper is an extension of the work related to openness and security aspects based on our previous research efforts [6,19,20].
Some of the main contributions can be summarized as: Finally, we show that novelty and risks concurrently target security in the IoT, and thus the importance of the three identified dimensions: awareness, assessment and challenges, together with a number of identified aspects uplifting continuous security thinking.
In the next section, we motivate both openness and security thinking as key concepts and models that were developed to target the IoT ecosystems. We discuss our approach and settings of the study. We then focus on the state-of-the-art, particularly in relation to security in IoT. In addition, we provide empirical input by understanding how practitioners view IoT openness and security. We identify three key security dimensions and related aspects. Followed by the research approach and results from the state-of-the-art in IoT security, we then bring the empirical study data. We finally conclude the paper.

Motivation and Related Work
Mark Weiser's seminal work on ubiquitous computing, considered the precedent of what we frame today as the IoT, proposed the idea of technology working in the background while its actions come to the forefront [21]. Today, we strive to develop such technology through IoT, where security and privacy are prioritized. According to Agarwal and Dey [22], these aspects must be tackled from the ground up. However, aspects like extreme heterogeneity, lack of standardization for openness [6] and the ineffectiveness of traditional methods of security [22] are a constant obstacle to finding the right security solutions. Challenging IoT security from a security thinking perspective puts security in the spotlight for continuous efforts among practitioners and researchers to improve it [20]. In the subsections below, we motivate the openness aspects based on our previous research efforts [6,19], while extending them with security thinking [20], and we believe that both are important characteristics for IoT ecosystems.

The Need for Openness of IoT as Design Principles
Architectural aspects are elementary and play a pivotal role for IoT ecosystems. Particularly, design-time and run-time undergo a constant change in IoT Architecture because these two elements are characterized by a dynamic mechanism [23]. In this dynamism, openness is problematic because it requires a better exploration to determine the development aspects tackled with transparency [6,24]. In this way, IoT ecosystems can rely on open architecture, for example when dealing with heterogeneous devices, and constantly new emerging requirements [6,24]. The open architecture can help to establish the very initial design and system settings that can express the architectural design characteristics as attributes or constraints for a system [6].
For IoT ecosystems to provide a platform that accommodates the open architecture approach, anything that is developed (e.g., an application) should proactively consider the open architecture approach to make sure that there is support for continuous changes without affecting the behavior of the overall system. Figure 1 shows that the open architecture approach is characterized by flexibility, customizability, and extensibility. The figure also makes noticeable a set of design activities through which each property can facilitate the design of the architecture itself. In addition, the properties of ease and cost-effectiveness are connected to each of these characteristics. The open architecture design principles can then support the evolution of the IoT ecosystems by addressing the emerging requirements and the ever-changing needs of the stakeholders [6,24,25].

[Figure 1: Open Architecture Approach, with the characteristics Flexibility, Customizability and Extensibility.]

Some of the main aspects of the open architecture design principles are its inherent characteristics, such as modularity, compatibility, easiness, cost-effectiveness, quality aspects related to performance, correctness of processes, and so on, together with the set of design time properties, namely [6,24,25]:
The flexibility characteristic can enable solutions to be used by the users in a wide variety of settings and situations by easily addressing different users' requirements with minimum delays. The main properties of flexibility are: context, robustness, easiness and cost-effectiveness [6].
The customizability characteristic can enable the users to easily customize features in the system and address their specific individual needs, usually without having access to the source code, thus reducing the deployment time. The main properties of customizability are: specificity, easiness and cost-effectiveness [6].
The extensibility characteristic can offer easy integration possibilities with other systems and/or tools, taking into consideration future growth by expanding/enhancing the architecture with less costly upgrades. The main properties of extensibility are: adaptability, modularity, compatibility, easiness and cost-effectiveness [6].
Future steps should address questions regarding accommodating security as an additional characteristic within an open architecture approach for IoT ecosystems by further enhancing the reliability of IoT systems for the society.

The Need for Security Thinking
Challenging IoT security from a security thinking approach puts security in the spotlight for continuous efforts among practitioners and researchers to improve it. Security thinking is expressed in two forms. First, it refers to the technical measures the IoT practitioners take when developing an IoT system. IoT systems often expand with security and privacy considered as an afterthought [26] at the expense of lack of security expertise, cost-savings and time trade-off [15]. This should be carefully planned with an ethical use and development of IoT by investing significant resources also on the sociotechnical IoT aspects [27]. Second, it refers to progress towards a secured organizational culture, often by ensuring employee training and education to influence and activate their thinking about information security [28]. Recent studies like [29] and Moody et al. (2018) [28] show that security thinking is not developed enough in organizations from an employee point of view, a trend that has likely influenced the immature thinking of security development across IoT systems from the back-end perspective. Instead, organizations prioritize releasing their products to the market at the expense of security. Likewise, we argue that we should be striving for an IoT security thinking mechanism expressed in the two forms above, but following a consecutive order: first a proactive security mechanism during requirements, development and implementation, and then security awareness tactics. Echoing Lowry et al. [17], who stated that IoT is rewriting all the rules on how we once considered security, the IoT infrastructure will fail if we don't act proactively.

Research Approach
This study begins by formulating state-of-the-art concepts and models for openness and security in IoT. While some studies were not directly focusing on IoT per se, we included them, realizing that their input was key in strengthening security thinking for IoT developers, implementers and users. Scrutinizing the security literature from the IoT perspective to form the state-of-the-art, we observe that there are very few security insights from practitioners. To deal with this challenge, we conducted a study driven by the semi-structured interview approach with six experts within the IoT field and from different IoT domains. This study uses the first-hand experience of six security and IoT practitioners from different organizations. Respondents' identifiers (R1-R6) alongside their corresponding details are presented in Table 1. Table 2 shows the interview questions that were used to interview the experts and practitioners in the domain of IoT. Details on how the interview guide was developed and the presentation of raw data from the interviewees can be found in [19,30].

Designing Open and Secure IoT Systems
Q8. How openness affects IoT (Flexibility, Customizability, and Extensibility)?
Q9. What do you think considering security and privacy while designing IoT solutions is critical?
Q10. Are you aware of any existing security mechanisms within your organization that can address challenges in Internet of Things? What measures can you suggest?
Q11. Do you want to make any last statement for IoT community and developers?

Results and Discussion
In this section, the results from the theoretical and empirical findings are highlighted. These results are mapped and discussed in the sections below in a summarized way. We discuss the results from the perspectives of designing open IoT ecosystems and considering their security, followed by a proposal for general security thinking in IoT.

Openness vs. Security
The results emphasize the openness aspects as an emerging trend [6,10,31,32]. However, we also need to point out that openness trends are adapted towards only some of the openness aspects and IoT applications. For example, when it comes to the smart home, there are still a number of devices, such as gateways/hubs, that feature a closed ecosystem or some proprietary standards and APIs [33], whereas most devices are closed when considered from the perspective of industrial IoT systems [34].
IoT stakeholders are encouraged to make use of openness to benefit from its aspects of easiness, convenience and fast development that are often attributed to produce positive results with cost related savings [35]. Such an open architecture has the potential to ease the use of these devices by developers and end-users (e.g., in smart home context). Open architecture design principles, particularly flexibility, customizability, and extensibility, as well as ease and cost-effectiveness properties [6], can support the evolution of IoT ecosystems towards satisfying constantly evolving requirements.
In general, and despite the confidence that openness of IoT architectures brings with its characteristics of flexibility, customizability and extensibility, incorporating into those characteristics the importance of security and privacy as key design principles is central (R1, R4, and R6, according to Table 1). If security and privacy continue to be neglected, improper choices of openness aspects can open up the IoT ecosystems to larger attacks (R6, R3, and R5). This is important to consider, since openness allows for sharing and interoperability, addresses the growth and maintainability of the system, increases the speed of development, and reduces developmental costs (R1, R3).
Our results show that it is crucial to have openness in IoT domain since it allows for better interoperability and transparency, often sharing of source code, data, interfaces and other technical and nontechnical artefacts. In addition, openness can support the IoT industry in terms of the growth, easier maintenance and speed of development (R1, R3). However, it is imperative to consider that security of IoT ecosystems should be an integral part of openness. In addition, security in this area is not just a need, but it becomes mandatory for a successful deployment and execution of an open IoT system (all respondents). This is mainly because often the open systems are by default seen as insecure. IoT ecosystems should prioritize considering security by design aspects (all respondents). To follow up on that, security aspects need to be addressed right from the start of the IoT design because they are rather harder to be implemented retroactively. Moreover, our results highlight that security should not be neglected during any design phase of the development lifecycle. In addition, since privacy is an integral part of security (R1, R5), IoT systems should also consider privacy by design aspects. The IoT industry needs to start thinking about open and secure IoT ecosystems as design principles from the very initial development phase.
The IoT ecosystems characterized by openness and diversity of technologies require serious reflections, particularly related to security issues [36] (all respondents). Our results show that security begins with awareness and a built-in security mindset [37] (R1, R4, R6). While we often find that security is an afterthought, today's security approach should not be introduced after the product is deployed, but rather needs to be integrated across all design and development stages (R4, R5). Therefore, security problems are no longer attributed to a 'tool or an implementation', but are rather a 'people and process' issue (Respondent: R5). Thus, it is not solely technology that makes IoT ecosystems secure, but the development community, open processes and open approaches that are followed which make an IoT ecosystem secure [19].
These insights point towards IoT practitioners that need to consider deeper aspects by following more proactive security thinking approach when designing open and secure IoT systems [19].

Continuous Security Thinking
In the traditional view, a good security practice was likely achieved through effective technologies, policies, standards and procedures that intended to ensure the CIA-triad: confidentiality, integrity and availability. Confidentiality is seen as the prevention of unauthorized disclosure, integrity as the prevention of unauthorized modification, and availability as the prevention of unauthorized withholding of data [38]. The CIA-triad has been extended over the years, e.g., the CIA+ to deal with network security attacks [39]. Nonetheless, the IoT domain poses additional aspects that are not covered by the mentioned models. Additionally, in IoT systems, new security requirements have arisen due to specific features (e.g., use of cloud technology) and properties (e.g., constrained resources) of IoT systems. Even if security and privacy must go hand-in-hand, there are often situations when the former becomes a cause for concern for the latter. For example, strengthening surveillance systems for better security comes at the expense of privacy. In light of the aspects mentioned above, below we provide an overview of related studies, mapping them to interview data while identifying and highlighting different security aspects (see details in Table 3).
IoT Awareness: Raising awareness for data management in terms of sensitive information in current IoT domain practices is an important feature [40][41][42]. However, training and education require a broader spectrum of stakeholders to be included, such as policy makers, regulators and the general public, in order to raise such awareness regarding IoT challenges, risks and opportunities [37,43] (all respondents). More specifically, there is a need for user awareness and security education for both developers and users of smart products and services [44] (R5). The best way to keep users' attention on security is to offer continuous security awareness and education programs [45]. Because these smart products and services should be designed with security concepts in mind [43,46], while at the same time dealing with ethical concerns in terms of bringing awareness to owners of IoT smart products related to the degree of privacy [47], continuous education for engineers and other stakeholders in the IoT field is important for enabling life-long learning regarding security and privacy aspects alike [27,37,45,48]. Additional features for organizing learning mechanisms, team building and knowledge management systems need to be provided in connection to people and team management aspects [49]. For raising awareness among IoT industry management and practitioners, there is a need for an adequate legal framework that would take the underlying technology into account [14]. This legal framework could be established by the legislator and can also be supplemented by the IoT industry according to their specific needs [14]. Furthermore, a legal framework could ensure stakeholders' awareness and protection of subjects, e.g., when it comes to privacy breaches [50]. In order to place this framework into practice, policy enforcement, as another feature of the IoT security awareness aspect, is important to consider [51,52].
Security should be introduced in a form of security as a process aspect that would help with thinking about security from the initial design phase and throughout the development lifecycle (R5). Developers should understand the context of operation and then apply security patterns, mechanisms and tools that work for their team (all respondents). This is especially important in IoT as often it is not possible to state general practices or guidelines for designing secure IoT system (R1, R5). Learn by observing instead of reinventing the wheel is another aspect, as there is a need to look at the success models because often the problems IoT practitioners face are already encountered and solved in other mature industries (R5). Addressing the digital divide aspect deals with IoT practitioners that need to have larger responsibility for securing IoT users, mainly because of their various levels of understanding the security and privacy risks (R1, R6). Security is a continuous process, thus the keep secure always aspect could enable timely upgrades and updates of the system by issuing necessary and critical fixes (all respondents). Security fixes must be enforced on the IoT users to keep their system always secure (R6). Plan for end-to-end security should be designed and implemented addressing all the components of an IoT ecosystem, from the end-user to devices to network, and so on (R6).
IoT Assessment: Building trust in humans is an essential assessment item of security and privacy within the IoT field [51,53]. IoT devices need to be designed with identity management appropriate for the IoT environment [51,54,55], e.g., in terms of maximizing data integrity and ensuring trust mechanisms [27]. Security risks can arise due to multiple reasons, e.g., unawareness of maliciously manipulated products or the lack of information on potential countermeasures [44]. In order to avoid certain vulnerabilities and risks, risk management is an important aspect of assessment in security in terms of threat modeling, code reviews, and various testing aspects such as white/black-box testing [37,43,46,56] (R5, R6). In this case, mitigation measures should also be considered by utilizing security and privacy by design principles [43,48,50,57] (all respondents). Having trust management usually helps to overcome the uncertainties and risks within the IoT environment [19,52,55] (R1, R2). Auditing is another important IoT feature [27] (R5, R6). This feature is important as it leans more towards transparency when implementing the security of IoT devices [27]. In particular, auditing, when done repeatedly against security standards, helps in building user trust [58]. In the end, compliance sets the frontal image of how assessment should be developed within the IoT infrastructure [20,27,43]. Having an IoT provider compliant with security standards may also contribute to attracting more users to the provider's services [58]. Assessment for IoT developers should let them think about necessary tools and software assessment. A security toolbox helps practitioners conduct, e.g., threat modeling, architectural review, code review, and automated security tests (R5). IoT stakeholders should think about data assessment aspects as well, in order to assess data for its correctness, trustworthiness, and reliability (R1, R6) [19,43,57].
IoT Challenges: Many IoT devices used today were originally designed in a closed way for non-internet use and with proprietary code, often using weak protocols and practices [6,41,42,43]. Even though many standardization bodies together with industry have tried to provide solutions for security and privacy aspects [42,43], standardization in IoT still remains a continuous challenge [44] (R2, R6). IoT complexity makes it almost impossible to realize secure systems efficiently in terms of the problems related to scalability and interoperability [37,48] (all respondents). Adding to the complexities are also the availability of multiple platforms, numerous protocols, large numbers of APIs and continuously evolving standards. IoT environment constraints to date present many security challenges in terms of devices' computational power, memory, battery, network, operating system, and bandwidth, among others [19,22,43,52] (R1, R2, R6). Constant evolution of new IoT technologies, heterogeneity and continuous updates of technologies present challenges regarding potential security vulnerabilities [22,49] (R6). Furthermore, business and technical level standards must not be taken lightly as IoT security constraints [44]. Fragmentation of the IoT market with incompatible devices, platforms and protocols imposes further challenges in implementing effective security measures (R1, R2). Multiple vertical systems, as created by IoT stakeholders, contribute to fragmentation and interoperability problems within the IoT industry, creating standardization challenges (R2).

Towards Openness and Security Thinking Model for IoT Ecosystems
The complexity of IoT ecosystems has led us to present our results that show how openness and security thinking are important characteristics for such complex ecosystems. Figure 2 conceptualizes the above-mentioned openness and security characteristics obtained from the research results. Figure 2 shows two major important aspects, the openness and security thinking which are represented by various design aspects. In the context of openness, the open architecture approach plays a significant role. This approach provides the means for establishing the design and development settings that capture the characteristics as attributes or constraints of a system in an open way [6]. Design principles of an open architecture approach can be put into view from two perspectives: (a) design and development, and (b) architectural design perspectives. The model presented in Figure 1 and re-purposed in Figure 2 can be used to identify and then tackle the needs related to building an open IoT system. Such a system has the ability to grow, mature and even change over time from a bottom-up perspective. The importance of the bottom-up perspective shows that, while changes are unavoidable, the open architecture approach can be applied during the design phase of the system and architecture that helps to establish the design and development settings. In these new settings, the open architecture characteristics and their properties can be enabled. An open architecture approach helps designers, developers, and domain experts to easily and flexibly integrate, customize, and extend the IoT products.
Our results, however, show that openness is not determined by aspects To illustrate this further, a software library may not be properly maintained and a software can by default be shipped with diverse features that may have not necessarily been tested against security and privacy threats. Therefore, in light of our proposal for a continuous security thinking approach, we argue that concepts and models towards conceptualizing security in IoT can be both innovative and risky at the same time, mainly due to their constricted singular view upon the IoT ecosystems. We thus identify new dimensions and a number of aspects that are important for continuous security thinking in IoT, targeting not only practitioners alone, but also developers, users and the society at large. Table 3 highlights our conceptual framework derived from the state-of-the-art and interviews that initiated the development of our three-dimensional model for continuous security thinking in relation to awareness, assessment and challenges. This table presents the mapping of three dimensions with a number of aspects identified that are important for IoT security thinking. In reference to our findings presented as three dimensions, the call to mitigate security risks almost two decades ago still remains vital today: "the open and semi-chaotic Internet. . . is the creation of opportunities for leakage of threats from robust into vulnerable networks" [26]. Our study shows that there is a need for continuous security thinking in terms of awareness, assessment and challenges that are new dimensions for security in IoT ecosystems.  Aspects of awareness and assessment are critical since they represent a relationship to people, such as IoT development community, security practitioners and their involvement in the development life-cycle. Thus, they become specifically important in the initial design phase of the system. 
Awareness is about cultivating a security mindset among IoT practitioners, such as by providing appropriate security training. Security should be introduced in the form of a security as a process aspect that would help with thinking about security from the initial design phase and throughout the development lifecycle. Developers should better understand the context of operation and then apply security aspects that work for them, as often it is not possible to state the exact guidelines for designing a secure IoT system. Assessment, on the other hand, should let IoT developers think about necessary tools and software assessment. For example, a security toolbox helps practitioners conduct, e.g., threat modeling, architectural review, code review, and automated security tests. Moreover, assessment covers security risk assessment, e.g., by incorporating threat modeling iteratively, system architecture reviews, and other related mechanisms, as well as the need for practitioners to frame security requirements on the system and platform. With trust management and data assessment, developers need to manage and assess device trust, entity trust and data trust, and include strong authenticity in the system in order to assess data for its correctness, trustworthiness, and reliability. In the process of implementing security thinking in IoT, one can encounter various challenges related to resource constraints, operational environment and heterogeneity [30]. Challenges related to resource constraints, such as processing power, battery, memory, space, etc., put restrictions on the type of security solutions that can be used. Challenges related to the operational environment, in terms of a complex, dynamic and distributed execution environment, pose further issues for the usage of existing security and privacy mechanisms.

Our conceptualized model emphasizes the human-in-the-loop concept, which helps to understand the emerging needs as design principles for IoT ecosystems in a more open and secure way. Furthermore, with these conceptualizations, people could actively take part and shape their IoT tools in a more transparent way. Thus, in general, we believe that openness leans toward more transparency when implementing security, e.g., Blockchain as a promising technology can be very beneficial for auditing data and fostering stronger assurances that certain aspects of security and privacy are in check. For example, autonomous systems, from cars to pacemakers, can malfunction seriously as a result of weak security thinking. While such failures often become headlines in the press, they have yet to receive the full attention of the IoT community and bring security thinking to the forefront. In this study, we show that novelty and risks concurrently target security in the IoT, and thus the three identified dimensions (awareness, assessment and challenges), together with a number of aspects, are important for uplifting continuous security thinking. With our findings, we make an attempt to reverse the mindset that security is not guaranteed in IoT systems, particularly since the three-dimensional model can help pave the way for a future robust and secure IoT system. It is often reported that the speed of IoT technology surpasses the capacity of the existing security requirements to keep the technological environment secure. With continuous security thinking at hand, we foresee that an IoT security agenda can be built beforehand as a precursor to secure IoT technological developments.
Designing an IoT system based on openness and security characteristics requires that practitioners in the field consider their respective aspects as presented above. These aspects are most beneficial when used proactively in the first phase, when setting up a specific security design together with the set of grounding requirements discussed above and introduced in Figure 2 and Table 3. While the model, as presented in Figure 2, does not show how each aspect is prioritized, prioritization is not an obstacle for applying the proposed model in practice, particularly because the model must be adapted and applied according to the needs of respective organizations and their challenges.

Study Limitations
Various limitations were encountered during the research phase. The literature study is not comprehensive, but it takes into account recent developments connected to IoT openness and security. Moreover, the insights of IoT practitioners and security experts complement the retrieved literature. In addition, we tried to minimize the bias introduced by the interview method, as the idea was to validate the results obtained from the state-of-the-art. Interviews were conducted with a total of six subjects, which might pose some threats to the results. It is worth mentioning that a pilot interview was conducted with one of the respondents to validate the design guide of the interviews. With the intention to minimize bias, subjects of this study were selected from a wide range of organizations, from start-ups to big players in the IoT industry. Moreover, to support the validity of this research, study subjects were selected based on different roles, i.e., security architects, senior architect, technology experts, technology leader, security coach, security expert.

Conclusions and Future Perspectives
The goal of this paper was to prioritize openness and security thinking as mandatory characteristics for IoT ecosystems. We presented the state-of-the-art and provided empirical input by understanding how practitioners view openness and security for IoT ecosystems. In general, we consider that there is a need for orchestrating smart services and devices in a more open, common and secure way that affect the dynamic operating conditions of IoT environments. We therefore proposed a set of openness and security thinking characteristics as a basis to address some of the persistent challenges in the IoT field. With such characteristics considered thoroughly, the IoT system can meet its present and future requirements. When these characteristics are put into action in the right way, we consider that they can help govern IoT systems and make them more open and at the same time more secure.
Reflecting upon our overall study, we consider that security is hard to achieve, specifically in the field of IoT. This is mainly due to constantly evolving new technologies and platforms that create extreme heterogeneity and fragmentation due to a lack of standardization. The results show that there is a need for a higher level of openness between different IoT systems to address the fragmentation and interoperability challenges. Openness is about using open standards, data, APIs, processes, source and open architectures (flexibility, customizability and extensibility), which provides direct benefits for IoT ecosystems such as easiness, convenience and fast development resulting in major cost-savings. We are of the view that organizations should not rely exclusively on closed systems, including algorithms, AI and ML, for attaining security and privacy. Such systems can be reverse engineered, exposing sensitive and potentially very confidential information about the company, its employees and customers, and its processes. Thus, the dynamic nature of IoT brings a need for openness and new security thinking in this area. In terms of describing security thinking, the results of our study show that secure IoT development requires continuous security thinking in terms of awareness, assessment and challenges, more so than the development of a traditional application. As a result, we believe that openness characteristics are an inseparable part of security and vice versa when thinking about designing an open and secure IoT system. Increased awareness of security aspects is crucial for IoT developers and end-users to help reduce security risks. The best way to keep different stakeholders' attention on security is to offer continuous security awareness, training and education programs. Practitioners should design IoT products and services with security concepts in mind.
For raising awareness, there is a need to continuously think about several more aspects, particularly for data management, team management, legal frameworks, policy enforcement and ethical concerns. Next, assessment becomes key where practitioners always need to have in mind identity management, risk management, trust management, certifications and last but not least the compliance aspects. Assessment is useful as a mechanism for evaluating the effectiveness of security controls. Finally, challenges inform us that the IoT itself is a new environment, but with continuous challenges that often forego rules on how technology should be handled. Continuous challenges such as resource constraints and heterogeneity of devices, protocols and standards add to the difficulty of securing the IoT infrastructure.
The results of this study anchor an important, yet often overlooked, IoT technological development at a crucial phase: openness vs. security thinking. Focusing attention on how to design more open and secure IoT technological systems can push future studies to develop specific measures to objectively test how security thinking can turn into action for open IoT systems. Future research can also attempt to measure the impact continuous security thinking has on actual open IoT systems by observing the activities performed by the users. Moreover, the idea is to validate the conceptual model to understand how acceptable this model is in different domains (e.g., smart health or smart home context). We also plan to extend the model with additional layers for each component to better emphasize the practical application of the model in certain scenarios. With IoT systems being the target of various security attacks, our study contributes to guiding IoT practitioners with secure habits when developing open IoT systems.