4 Fundamentals to Ensure IoT Security

Last updated: 31 October 2019

Did you know that the Internet of Things (IoT) is now a new word in the dictionary, along with others like ‘fitness tracker’, ‘digital citizen’ and ‘digital wallet’? If you have been following our blogs or industry developments, I think you would agree that, with so much excitement around the possibilities, conversations are increasingly moving beyond just business and government offices.

The IoT Outlook 2015 report suggests that 2020 will be a big year for IoT, with 62% of service providers ready to monetize their IoT investments. Mobile network operators will play important roles in this connected world, simultaneously managing data requirements from consumers, enterprises, industries, and governments. Not only will they have to handle data with complete security, but they will have to make more informed decisions, automatically, with intelligence derived from real-time analysis of this “wonder data”.


In the study of 1,000 industry professionals, security challenges were found to represent the biggest inhibitor to IoT, according to 42% of respondents. In a bid to provide increased connectivity and mobility, more and more manufacturers are rushing to make their devices easy to connect, often ignoring the security vulnerabilities that arise from being connected to a complex and dynamic distributed system.

This rush to connect everything has also given rise to standardization issues, something that 37% of those polled rated as the biggest challenge for the IoT to overcome.

Clearly, these concerns need to be addressed. Each element in the IoT ecosystem, whether it’s the device, network, clouds, data, or back-end system, is vulnerable to cyber-attacks.

To realise the full potential of the IoT, it is important to put trust in each of these components, right from the conceptual stage, and not as an afterthought! While risk evaluation must be done on a case-by-case basis and the security architecture tailored accordingly, the core strategies to establish trust in this giant ecosystem remain relevant for all. We cover this in detail in our ebook on IoT security.

  • Authentication/identification: Each device needs to reliably identify itself and prove that it can securely communicate with other devices in the system. This can be achieved using a combination of digital certificates and a hardware-based anchor of trust. Strong user authentication should also be used to control user access.
  • Confidentiality: Encrypt all data, in physical networks, virtualized environments, the cloud, or in motion, to protect it from unwanted disclosure. Data encryption obscures vital information, making it useless even if it is compromised. Only authorized recipients will be able to decrypt the content.
  • Integrity: It is important to protect data from unauthorized modification such as malicious code injections. Code signed with digital certificates can be used to verify the integrity of the data and make sure that the content has not been tampered with or altered during transmission.
  • Non-repudiation: This serves as irrefutable proof of the validity and origin of all data transmitted. Documents and transactions digitally signed using a hardware security device can provide strong non-repudiation for the date and origin of a transaction.
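
The four properties above, combined in one device-to-backend message, as an added example that is not code from this post or its publisher. The `Message` format, `Seal`, `Open` and the device name are hypothetical; an Ed25519 key pair in memory stands in for a certificate-backed key held in a hardware anchor of trust, and AES-GCM with a pre-shared key is one assumed choice of encryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Message is a hypothetical wire format for one device reading.
type Message struct {
	DeviceID         string
	Nonce, Body, Sig []byte
}

// signed returns the bytes the signature covers: ID, nonce and ciphertext.
func signed(m Message) []byte {
	return append(append([]byte(m.DeviceID+"|"), m.Nonce...), m.Body...)
}

// Seal encrypts (confidentiality), then signs (authentication, integrity, non-repudiation).
func Seal(id string, priv ed25519.PrivateKey, aead cipher.AEAD, reading []byte) (Message, error) {
	m := Message{DeviceID: id, Nonce: make([]byte, aead.NonceSize())}
	if _, err := rand.Read(m.Nonce); err != nil {
		return m, err
	}
	m.Body = aead.Seal(nil, m.Nonce, reading, []byte(id))
	m.Sig = ed25519.Sign(priv, signed(m))
	return m, nil
}

// Open checks enrolment and signature before it decrypts anything.
func Open(m Message, enrolled map[string]ed25519.PublicKey, aead cipher.AEAD) ([]byte, error) {
	pub, ok := enrolled[m.DeviceID]
	if !ok || len(m.Nonce) != aead.NonceSize() || !ed25519.Verify(pub, signed(m), m.Sig) {
		return nil, fmt.Errorf("rejected: unknown device, bad nonce or bad signature")
	}
	return aead.Open(nil, m.Nonce, m.Body, []byte(m.DeviceID))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil)    // constructed demo key pair
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero key, demo only
	aead, _ := cipher.NewGCM(block)
	m, _ := Seal("sensor-01", priv, aead, []byte("temp=21.5"))
	out, err := Open(m, map[string]ed25519.PublicKey{"sensor-01": pub}, aead)
	fmt.Println(string(out), err)
}
```

The signature supports non-repudiation only as long as the private key never leaves the device, which is the job of the hardware anchor of trust mentioned above.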

Delivering the promise of IoT will require careful planning and trusted solutions, all the way from manufacturing and service infrastructure through to devices and networks. No doubt connectivity seems to be outpacing security at the moment, but the success of the IoT will depend on solutions that are smart at preventing, detecting, and removing security and privacy threats end to end.

 

One thought on “4 Fundamentals to Ensure IoT Security”

  1. Good description of coming issues that IoT will face. A way to provide security and control access to all these devices is to return absolute control to the owner….replace the use of keys based on “something you know” (passwords) with “something you are” (biometrics). Something like Mobile Enterprise Credentials.
    Finis Conner
