The IoT is already revolutionizing the way we live; creating smart homes, connected transport, intelligent energy systems and even changing our perceptions of sport. However, the technology relies on the transmission of large volumes of data. With huge amounts of information floating about in the cyberspace, and millions of connected devices, hackers are finding more opportunities to cause mayhem. Fortunately, there are ways of tackling the problem and build a secure IoT infrastructure.
By securing the device, the network, and the cloud, we can address the risks of a hack. Here are some principles for constructing a robust IoT infrastructure.
Security by design
Developers should assess the security needs of the infrastructure by conducting a rigorous risk evaluation at the very beginning of the design process. Security by design needs to include a detailed audit, analyzing the risks and considering the dynamic nature of cyber threats.
The assessment should include all elements: the device, the cloud, and the networks. It should measure the impact of fraud against the cost of what needs to be protected, achieving a balance.
Securing the devices
There are two steps to securing devices, the first of which involves equipping them with robust identities. To protect their integrity (identity, device software and its configuration), manufacturers have to invest in appropriate security frameworks, whether they are hardware-based, software-based or a combination of both, especially for devices used in high-risk or potentially hostile environments. For instance, connected devices used for automotive, drones, factories sensors and security cameras etc…. A crucial part of building secure identities is authentication; these connected devices must be able to conduct mutual authentication with, other devices, the cloud, the network, so only authorized access is permitted.
In addition, security lifecycle management needs to be deployed. What this means is ensuring IoT devices can adapt to dynamic threats through downloading software, software patches and security updates on a regular basis.
Secure the cloud
A secure IoT infrastructure must also protect data, both in motion or at rest, and ensure it is correctly encrypted. Access to devices’ data from consuming systems (smartphones, tablets…) or application servers should be rigidly controlled through strong authentication mechanisms.
Secure the networks, protecting data in the network
On every step of its journey, data coming from reliably authenticated devices need to be protected, otherwise it could fall into the wrong hands. Through a combination of techniques like applicative data encryption and integrity protection we can mitigate the risks of cyber-attack.
By following these principles, we can help to construct a secure IoT infrastructure, allowing connected technology to reach its full potential without jeopardizing user trust. To find out more about IoT security, read our dedicated webpage.
By : Didier Benkoel-Adechy
Didier works in Segment Marketing for mobile at Gemalto. Didier blogs on all matters related to NFC, mobile payments, mobile wallet and more generally mobile security, across multiple business verticals such as Banking, Telecoms, Government and Automotive. Didier holds a PhD Degree in Engineering from Imperial College, London UK.