12 Tips for Implementing IoT Security

 
 
By Karen A. Frenkel  |  Posted 08-16-2016 Email
 
 
 
 
 
 
 
 
 
  • Previous
    12 Tips for Implementing IoT Security
    Next

    12 Tips for Implementing IoT Security

    A failure to secure IoT devices could stall the progress of the Internet of things, preventing the technology from fully realizing its vast potential.
  • Previous
    Broad Security Needed
    Next

    Broad Security Needed

    IoT security needs to span from cloud to end device: any vulnerability affecting many end devices could have a wide impact on the rest of the system or service.
  • Previous
    Implement Security at Design Time
    Next

    Implement Security at Design Time

    Security should be implemented in IoT products at design time. It should derive from a system view and be built from a mix of hardware and software features.
  • Previous
    Three Types of IoT Security
    Next

    Three Types of IoT Security

    Security for IoT nodes can mean many different things. We can categorize them into three different groups: Lifecycle security, Communication security, Device security.
  • Previous
    Lifecycle Security
    Next

    Lifecycle Security

    Lifecycle security covers the ability to securely and remotely manage the device at different stages of its life, from configuration, monitoring and upgrade, until its decommissioning or revocation.
  • Previous
    Communication Security
    Next

    Communication Security

    Communication security relates to the measures that should be put in place to guarantee the integrity, authenticity and confidentiality of the link between the device and the cloud.
  • Previous
    Device Security
    Next

    Device Security

    Device security focuses on the integrity of the IoT node itself, the protection of its resources, data, and behavior over the time of its deployment in the field.
  • Previous
    Security Proportional to Threats
    Next

    Security Proportional to Threats

    The security implementation needs to be proportional to the threats the device will face, and also to the estimated cost of a security breach.
  • Previous
    Comprehensive Threat Assessment
    Next

    Comprehensive Threat Assessment

    A threat assessment needs to be completed and should take the whole system into consideration, including potential side effects.
  • Previous
    Make Protection against Scalable Attacks the Priority
    Next

    Make Protection against Scalable Attacks the Priority

    For IoT nodes, protection against scalable attacks—those that can inexpensively be duplicated in other devices—is a priority.
  • Previous
    Chain of Trust
    Next

    Chain of Trust

    Security can be built into a system as a chain of trust, starting with a Root of Trust—a minimal secure domain with dependable security functions, with private access to protected keys. To implement this properly, isolation is key.
  • Previous
    Rely on Pre-Integrated Solutions
    Next

    Rely on Pre-Integrated Solutions

    Designing a secure product from scratch is time-consuming and prone to security holes. It saves time to rely on pre-integrated solutions that expert teams have verified.
  • Previous
    Include Security Evaluation Into Product Development
    Next

    Include Security Evaluation Into Product Development

    A security evaluation, for example, an external security code audit or white box testing, should be planned into the product development.
 

The internet of things (IoT) is everywhere. It's in our homes, cars, offices and most commonly around our wrists. It's changing the way factories are run, how health care is delivered and how cities operate. With an estimated 5.5 million new "things" connected each day, and an expected 6.4 billion in circulation by the end of 2016, according to Gartner research, the IoT will increasingly become part of our lives. But with the IoT's proliferation comes great responsibility. You cannot take the security of the rapidly expanding IoT ecosystem for granted. Even the smallest, most minimally connected device must have the appropriate safeguards built in throughout its lifecycle. It's time to focus on IoT security at the point of design to securely manage devices from inception through implementation. "The potential of IoT devices and sensors is enormous," says Mike Eftimakis, IoT Product Manager at ARM. "However, if we fail to ensure the security of each device, it's very likely that the exploitation of unguarded vulnerabilities will stop progress, preventing us from ever fully realizing that vast potential." Here are Eftimakis's tips for implementing IoT security within products.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...