IoT Security Overview

Welcome to your next activity where we’ll explore security, a very important aspect of IoT.

IoT is the wave of the future, offering businesses immediate and real-world opportunities to reduce costs, increase revenue, and transform their business.

However, many businesses are hesitant to deploy IoT in their organisations due to concerns about security, privacy, and compliance. A major point of concern comes from the uniqueness of the IoT infrastructure which merges the cyber and physical worlds together, compounding individual risks inherent in these two worlds.

Security of IoT is about ensuring the integrity of code running on devices, providing device and user authentication, defining clear ownership of devices (as well as data generated by those devices), and being resilient to cyber and physical attacks.

Then there’s the issue of privacy. Companies want transparency concerning data collection, as in what’s being collected and why, who can see it, who controls access, and so on. Finally, there are general safety issues of the equipment along with the people operating them, and issues of maintaining industry standards of compliance.

Given the security, privacy, transparency, and compliance concerns, choosing the right IoT solution provider remains a challenge. Stitching together individual pieces of IoT software and services provided by a variety of vendors introduces gaps in security, privacy, transparency, and compliance, which may be hard to detect, let alone fix.

The choice of the right IoT software and service provider is based on finding providers that have extensive experience running services, which span across verticals and geographies, but are also able to scale in a secure and transparent fashion. Similarly, it helps for the selected provider to have decades of experience with developing secure software, and have the ability to appreciate the threat landscape posed by this new world of IoT.

Protecting IoT solutions requires that businesses ensure each of the following:

• Secure provisioning of devices
• Secure connectivity between these devices and the cloud
• Secure data protection in the cloud during processing and storage.

However, working against this functionality are resource-constrained devices, geographic distribution of deployments, and a large number of devices within a solution.

Have a look at the following articles to explore this further.

Further Reading

• IoT Security Ground-up

• Security Best Practices.

Once you’ve done some further reading, mark this step as complete and let’s move on to threat modelling.