We all know that the IoT introduces a variety of new challenges to companies, and one of the largest and most important is security. It feels like every day a major security breach or threat is making headlines. From cars to garage doors to Barbie dolls, the IoT is not immune. Security is hot on our minds as well. We’ve discussed the security fundamentals when developing an IoT product, as well as the importance of identity and data management. Today, I want to take those conversations a bit further and shine a light on some existing security methodologies that will dramatically reduce a company’s risk and vulnerability to security threats.
Security at Every Stage
One of the biggest mistakes companies make when embarking on an IoT project is failing to make security a priority from the initial design and throughout subsequent development and deployment of the product. There are multiple vulnerability points in an IoT system across both the product and infrastructure. Too often we see companies treating security as an afterthought and trying to bolt it onto a finished product, which is a recipe for failure. Security should be at the forefront of every step of the process, from hardware design to user management to applications and to product workflows such as provisioning. Utilizing a connected product management platform automatically inserts security into each stage of an IoT journey, from design through provisioning of products and even through decommissioning and product end-of-life. In a DIY model, these steps will not initially be defined, which leaves room for failure and attacks.
Leveraging a Threat Model Based Approach
In the development of Xively and in the work we do with our customers, we have utilized the STRIDE model for security and risk management. Security professionals have long used the STRIDE threat model to identify and categorize threats to a system. This model has worked well for cloud and mobile solutions in the past, and its principles are still relevant for securing the next wave of connected products. A model-based approach is more comprehensive and provides the steps and building blocks for identifying threats and vulnerabilities. It is a systematic approach that often exposes gaps that would otherwise not be seen.
Learn from Past Technology Trends
With the IoT being a relatively new market, many of the security challenges facing us have already been solved through broader efforts in internet and mobile security. An IoT connected product management solution should address the core security and user management issues that are the entry points for security threats. Leveraging industry-standard encryption protocols and provisioning workflows for IoT products can help companies accelerate product time-to-market. Building on existing practices as a foundation is a good start and allows companies to focus on IoT-specific challenges. Companies should be spending more time on usage-model-specific threats in their products and leave the rest of security management to a proven platform.
Cybersecurity is already a challenge for companies, and IoT connected products will only add complexity and new vulnerabilities. A simple security flaw can easily ruin the best product design or business model and tarnish the company’s reputation. Rather than spending valuable resources and funding on creating internal and proprietary security solutions, look for proven platforms and solutions that are purpose-built for the IoT and provide the key capabilities needed, including identity and user management and the workflows associated with connected products, like provisioning. Working with these trusted partners will help reduce cost, accelerate time to market, diminish risk and help ensure you don’t end up in the headlines.