How do we build secure IoT infrastructure?

Last updated: 05 July 2017

 

The IoT is already revolutionizing the way we live; creating smart homes, connected transport, intelligent energy systems and even changing our perceptions of sport. However, the technology relies on the transmission of large volumes of data. With huge amounts of information floating about in the cyberspace, and millions of connected devices, hackers are finding more opportunities to cause mayhem.

Fortunately, there are ways of tackling the problem, and we’re delighted to say some of our solutions were highlighted in a recent article by Gil Press on Forbes. We’ve also been cited by Gartner, as one of the key actors of IoT Security in their new Market Guide.

By securing the device, the network, and the cloud, we can address the risks of a hack. Here are some principles for constructing a robust IoT infrastructure.

  1. Security by design

Developers should assess the security needs of the infrastructure by conducting a rigorous risk evaluation at the very beginning of the design process. Security by design needs to include a detailed audit, analyzing the risks and considering the dynamic nature of cyber threats.

The assessment should include all elements: the device, the cloud, and the networks. It should measure the impact of fraud against the cost of what needs to be protected, achieving a balance.

  1. Securing the devices

There are two steps to securing devices, the first of which involves equipping them with robust identities. To protect their integrity (identity, device software and its configuration), manufacturers have to invest in appropriate security frameworks, whether they are hardware-based, software-based or a combination of both, especially for devices used in high-risk or potentially hostile environments. For instance, connected devices used for automotive, drones, factories sensors and security cameras etc…. A crucial part of building secure identities is authentication; these connected devices must be able to conduct mutual authentication with, other devices, the cloud, the network, so only authorized access is permitted.

In addition, security lifecycle management needs to be deployed. What this means is ensuring IoT devices can adapt to dynamic threats through downloading software, software patches and security updates on a regular basis.

  1. Secure the cloud

A secure IoT infrastructure must also protect data, both in motion or at rest, and ensure it is correctly encrypted. Access to devices’ data from consuming systems (smartphones, tablets…) or application servers should be rigidly controlled through strong authentication mechanisms.

  1. Secure the networks, protecting data in the network

On every step of its journey, data coming from reliably authenticated devices need to be protected, otherwise it could fall into the wrong hands. Through a combination of techniques like applicative data encryption and integrity protection we can mitigate the risks of cyber-attack.

By following these principles, we can help to construct a secure IoT infrastructure, allowing connected technology to reach its full potential without jeopardizing user trust. To find out more about IoT security, read our dedicated webpage. Alternatively, if you want to discover more about the devious techniques hackers deploy, check out our Cyber Investigators comic.

What are your thoughts on the hottest IoT security technologies? Let us know by tweeting to us at @GemaltoIoT or posting a comment below.

Leave a Reply

Your email address will not be published. Required fields are marked *