The trusted protection of the integrity of end-to-end data, networks and platforms of connected devices and the physical “things” to which they are attached.
The emerging Internet of Things has seen a proliferation of low-cost, always-on devices that serve as the foundations for a wealth of “smart” and connected digital services — from in-home smart energy meters to soil monitors in agriculture.
The security considerations needed for these systems are vastly more complex than other devices that might be deployed outside of the enterprise — say laptops or smartphones. And the standards to defend against associated threats are still fragmented and immature.
What is it?
IoT security emcompasses all of the tools, policies and practices needed to secure the deployment of potentially thousands of wireless and internet-connected devices.
The majority of IoT devices have limited processing capabilities — typically equivalent to what you may have found in a PC from a few decades ago. But despite their limited performance, their highly integrated connectivity opens up a wealth of business opportunities to create ‘smart’ infrastructure.
Unfortunately this same device, in the wrong hands, have also been transformed into a potent attack vector.
IoT security describes all the characteristics, processes and data that need to be understood and successfully implemented to guarantee end-to-end trusted integrity of digital services operating on these complex networks.
The security architecture for IoT needs to include a variety of hardware and software components employed by a multitude of device manufacturers. You also need your devices to operate in untrusted environments such as consumer homes and industrial workplaces, where attackers could get unfettered access to the connected devices.
What’s in for you?
If you’re looking to gain business value from IoT deployments, securing your assets is essential.
How you approach IoT security depends on the role you play in the IoT ecosystem.
For the manufacturer, you need to demonstrate your trusted device manufacturing, embedded development and supply chain integrity.
For the platform vendor and integrator, you have the greatest challenge in ensuring evolutionary software features are deployed across consumer devices while managing the security of your own cloud platform. Consumers and the media are not forgiving when there is even a small lapse in protection of your connected products.
What are the trade offs?
Maintaining a low cost-per-unit is essential to ensure an economical IoT deployment. But that may not be possible if deployed devices struggle to support basic security essentials, such as encryption.
Devices are simply vehicles for more profitable software services but under-engineering will be detrimental and increase risk. Similarly, outsourcing of embedded software engineering needs to be fully considered when evaluating risk versus cost.