IoT security – whose responsibility is it?

Often, people are considered the weakest link in a security chain, as they are fooled into revealing passwords or choose passwords that are easily decipherable. This is a misconception that can lead some business owners or IT professionals to believe that IoT, given its near total level of automation, is inherently secure. Nothing could be further from the truth, because nothing is inherently secure.

IoT environments are a labyrinth of opportunities for cyber criminals, and this year that labyrinth is expected to grow in size by 15% (year-on-year) to reach 20 billion devices, according to IHS Markit. To put that into context, the total number of unique mobile subscriptions globally stands at 4.9 billion (according to the GSMA). IoT dwarfs P2P mobile use in terms of connections and, subsequently, in terms of its potential for breaches in security, says Sanjay Khatri, global director of product marketing, Cisco IoT.

The IoT value chain is long and complex, with every element being both essential and interdependent. Every link in the chain represents a potential vulnerability and, just like every other industry, no one provider can cover all of the IoT security vulnerabilities.

This fragmented landscape means that IoT security takes a village.

Building the IoT security village

The device manufacturer is arguably the most obvious link in the IoT chain. These firms are not necessarily the manufacturers of the ‘things’ being connected; rather, they are specialist manufacturers of elements such as communications modules and sensors that enable the things to be connected.

Establishing responsibility for securing the things is crucial. The party with technical responsibility may be different from the party that end-users consider responsible. Ultimately though, the end user-facing firm will own responsibility, as they are in the firing line if things go awry.

End users are likely to view the hardware provider as the responsible party, but problems are more likely to exist in the software. Developers need to include strict controls for authenticating user access, and IoT software must have robust fraud detection and prevention mechanisms to protect both the device and the data.

Vulnerabilities also exist at the network level as devices connect to the internet via cellular, Wi-Fi, Bluetooth, LPWAN or even satellite. In the case of cellular, there is a certain level of security already built in. Cellular connectivity uses global standards such as ciphering keys and encryption algorithms on the SIM itself to securely transmit and receive data. Cellular IoT also allows device data to be routed into private networks to isolate it from other network traffic.

Cloud platform providers will also play a pivotal role in the development of a fully functioning IoT security landscape. Some, such as IBM, Microsoft and Salesforce, will be focused on securing the data generated by connected devices in the cloud, while IoT platforms will manage, monitor and secure the connectivity of deployed devices.

Securing the device

The level of risk involved with a device will vary depending on the context in which it is being used. Security layers such as authentication, user access, application access, device lifecycle management, and data encryption should all be considered to safeguard connected devices.

There is often a cost/benefit trade-off between protecting everything and paying for everything, and this can be quite pronounced for devices where large numbers are in use. Furthermore, device data has different levels of sensitivity. Understanding what and how many devices are in use, and the type of data being collected, are critical first steps in building the appropriate device security strategy.

Network and data protection

If devices are gateways, then networks represent the connectivity highways over which data is transported to cloud applications delivering IoT services. Protecting this highway is just as important as keeping devices secure – because while the devices might be secure, there are myriad entry points on any network. There are numerous options for securing a network, and the strategy used will depend on the type of connectivity, networks and device usage.

Wireless connectivity, such as Wi-Fi or cellular, and fixed line connections each have their own set of security protocols. Device data should always be encrypted and routed over secure private networks rather than sent openly over the internet. Additionally, network authentication allows users to verify and authorise devices on both the network and applications within the network.

Cloud coverage

IoT stems from connecting devices via secure networks to the cloud, so the importance of robust cloud security cannot be over-emphasised. When protecting cloud infrastructure, organisations should consider both digital and non-digital security practices. Adhering to standards such as ISO/IEC 27001 can provide a critical part of an overall strategy for ensuring information security.

In addition to securing the overall environment, businesses must get granular with controls for the IoT applications themselves, specifically with role-based access and anomaly detection. With role-based access, organisations should implement identity management and access control lists to ensure that applications in the cloud are giving the right access to the right people. Anomaly detection ensures the IoT platform can not only detect anomalous or suspicious behaviour, but also automate the remediation of any anomalies.

The IoT security checklist

Forecasts for IoT growth are huge; however, with massive reward comes massive risk. Businesses throughout the value chain need to take a holistic view of the security village which, of course, is easier said than done.

To help focus your IoT security strategy, be sure to:

  • Evaluate the end-to-end identification and authentication of all entities involved in the IoT Service (i.e. gateways, endpoint devices, home network, roaming networks, service platforms)
  • Ensure all user data shared between the endpoint device and back-end servers is encrypted
  • Store and use ‘personal’ and regulated data according to local privacy and data protection legislation
  • Utilise an IoT connectivity management platform and establish rules-based security policies for immediate action on anomalous behaviour
  • Take a holistic, network-level approach to security
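
The rules-based policy and automated remediation described above, sketched as an added example (not from the article or any vendor's platform): each connectivity record is checked against a provisioned per-device baseline and mapped to an action. Device names, record fields, thresholds and action names are all hypothetical.

```python
from dataclasses import dataclass

# Constructed sample data: per-device baselines an operator would provision.
# Field names, thresholds and actions are hypothetical, not any platform's API.
BASELINES = {
    "meter-001": {"imei": "IMEI-A", "daily_kb": 200, "allowed_hosts": {"ingest.example.com"}},
    "meter-002": {"imei": "IMEI-B", "daily_kb": 200, "allowed_hosts": {"ingest.example.com"}},
}

@dataclass
class UsageRecord:
    device_id: str
    imei: str        # hardware identity reported with the SIM session
    kb_today: int    # data volume so far today
    dest_host: str   # where the device is sending data

def evaluate(record, baselines=BASELINES, usage_multiplier=5):
    """Return (action, reasons); the most severe matching rule decides the action."""
    base = baselines.get(record.device_id)
    if base is None:
        return "block", ["unknown device: not in inventory"]
    findings = []
    if record.imei != base["imei"]:
        findings.append(("suspend", "SIM moved to different hardware"))
    if record.dest_host not in base["allowed_hosts"]:
        findings.append(("suspend", f"unexpected destination {record.dest_host}"))
    if record.kb_today > usage_multiplier * base["daily_kb"]:
        findings.append(("throttle", "data usage far above baseline"))
    if not findings:
        return "allow", []
    severity = {"throttle": 1, "suspend": 2}
    action = max((a for a, _ in findings), key=severity.__getitem__)
    return action, [reason for _, reason in findings]

def triage(records):
    """Map each device to its decision so remediation can be automated."""
    return {r.device_id: evaluate(r) for r in records}

if __name__ == "__main__":
    sample = [  # constructed records, not real telemetry
        UsageRecord("meter-001", "IMEI-A", 180, "ingest.example.com"),
        UsageRecord("meter-002", "IMEI-X", 4000, "198.51.100.7"),
        UsageRecord("meter-999", "IMEI-Z", 10, "ingest.example.com"),
    ]
    for device, (action, reasons) in triage(sample).items():
        print(device, action, reasons)
```

Unknown devices are blocked outright, which ties the policy back to the first checklist item: a device that is not in the inventory has no identity to authenticate against.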

The author of this blog is Sanjay Khatri, global director of product marketing, Cisco IoT
