What is it?

IoT security emcompasses all of the tools, policies and practices needed to secure the deployment of potentially thousands of wireless and internet-connected devices.

The majority of IoT devices have limited processing capabilities — typically equivalent to what you may have found in a PC from a few decades ago. But despite their limited performance, their highly integrated connectivity opens up a wealth of business opportunities to create ‘smart’ infrastructure. 

Unfortunately this same device, in the wrong hands, have also been transformed into a potent attack vector. 

IoT security describes all the characteristics, processes and data that need to be understood and successfully implemented to guarantee end-to-end trusted integrity of digital services operating on these complex networks. 

The security architecture for IoT needs to include a variety of hardware and software components employed by a multitude of device manufacturers. You also need your devices to operate in untrusted environments such as consumer homes and industrial workplaces, where attackers could get unfettered access to the connected devices.

What’s in for you?

If you’re looking to gain business value from IoT deployments, securing your assets is essential.

How you approach IoT security depends on the role you play in the IoT ecosystem. 

For the manufacturer, you need to demonstrate your trusted device manufacturing, embedded development and supply chain integrity. 

For the platform vendor and integrator, you have the greatest challenge in ensuring evolutionary software features are deployed across consumer devices while managing the security of your own cloud platform. Consumers and the media are not forgiving when there is even a small lapse in protection of your connected products.

What are the trade offs?

Maintaining a low cost-per-unit is essential to ensure an economical IoT deployment. But that may not be possible if deployed devices struggle to support basic security essentials, such as encryption. 

Devices are simply vehicles for more profitable software services but under-engineering will be detrimental and increase risk. Similarly, outsourcing of embedded software engineering needs to be fully considered when evaluating risk versus cost.

How is it being used?

Stories such as those of hijacked smart doorbells have alerted people to the risks of ignoring IoT security.

And organizations appear to be waking up to the risks. As a result, device makers have stepped up their security efforts . We’re now seeing IoT devices ship that don’t have default credentials — which cuts off one of the commonly used attacks. 

Provisioning mechanisms are more robust and automated. The end-to-end activity of devices can be proactively monitored and devices can be securely and rapidly upgraded in the event of emerging threats.