The trusted protection of the integrity of end-to-end data, networks and platforms of connected devices and the physical “things” to which they are attached.
The emerging Internet of Things has seen a proliferation of low-cost, always-on devices that serve as the foundations for a wealth of “smart” and connected digital services — from in-home smart energy meters to soil monitors in agriculture.
The security considerations needed for these systems are vastly more complex than other devices that might be deployed outside of the enterprise — say laptops or smartphones. And the standards to defend against associated threats are still fragmented and immature.
The end-to-end tools, policies and practices needed to secure a distributed array of wireless and internet-connected devices.
IoT can deliver compelling digital services to your customers. Ensuring those services are secure is essential.
Securing your IoT devices incurs additional costs. If you’re deploying thousands of IoT sensors, those costs can quickly escalate. On the other hand, lack of security can lead to a loss of control over IoT devices.
What is it?
IoT security emcompasses all of the tools, policies and practices needed to secure the deployment of potentially thousands of wireless and internet-connected devices.
The majority of IoT devices have limited processing capabilities — typically equivalent to what you may have found in a PC from a few decades ago. But despite their limited performance, their highly integrated connectivity opens up a wealth of business opportunities to create ‘smart’ infrastructure.
Unfortunately this same device, in the wrong hands, have also been transformed into a potent attack vector.
IoT security describes all the characteristics, processes and data that need to be understood and successfully implemented to guarantee end-to-end trusted integrity of digital services operating on these complex networks.
The security architecture for IoT needs to include a variety of hardware and software components employed by a multitude of device manufacturers. You also need your devices to operate in untrusted environments such as consumer homes and industrial workplaces, where attackers could get unfettered access to the connected devices.
What’s in for you?
If you’re looking to gain business value from IoT deployments, securing your assets is essential.
How you approach IoT security depends on the role you play in the IoT ecosystem.
For the manufacturer, you need to demonstrate your trusted device manufacturing, embedded development and supply chain integrity.
For the platform vendor and integrator, you have the greatest challenge in ensuring evolutionary software features are deployed across consumer devices while managing the security of your own cloud platform. Consumers and the media are not forgiving when there is even a small lapse in protection of your connected products.
What are the trade offs?
Maintaining a low cost-per-unit is essential to ensure an economical IoT deployment. But that may not be possible if deployed devices struggle to support basic security essentials, such as encryption.
Devices are simply vehicles for more profitable software services but under-engineering will be detrimental and increase risk. Similarly, outsourcing of embedded software engineering needs to be fully considered when evaluating risk versus cost.
How is it being used?
Stories such as those of hijacked smart doorbells have alerted people to the risks of ignoring IoT security.
And organizations appear to be waking up to the risks. As a result, device makers have stepped up their security efforts . We’re now seeing IoT devices ship that don’t have default credentials — which cuts off one of the commonly used attacks.
Provisioning mechanisms are more robust and automated. The end-to-end activity of devices can be proactively monitored and devices can be securely and rapidly upgraded in the event of emerging threats.
Search for another topic
Would you like to suggest a topic to be decoded?
Just leave your email address and we'll be in touch the moment it's ready.