Secure IoT by design has been saved
Perspectives
Secure IoT by design
Cybersecurity capabilities to look for when choosing an IoT platform
The Internet of Things (IoT) is a set of business and technology innovations that offers many compelling benefits. But it also presents significant cybersecurity risks and a greatly expanded attack surface. Mitigating these risks by understanding IoT platform security can help organizations realize the potential and benefits of the technology.
The risks of IoT
IoT platforms are emerging that make IoT development and deployment much easier. But just as important is their ability to enhance IoT platform security. With IoT, devices are both smart and connected—gathering and sharing data without the need for human intervention. This enables information to be collected and shared on a massive scale with unprecedented levels of speed, efficiency, and detail.
This also makes it a target for bad actors looking for any little weakness. IoT greatly expands the universe of potential weaknesses—in a particular device, device-to-device communications, or the broader internet. Even a single breach point may be enough to compromise an entire network.
IoT provides a bridge between digital and physical, making it possible for hackers to wreak havoc in the physical world—whether it’s taking control of your vehicle or causing a nuclear power plant to melt down. The World Economic Forum noted, “hacking the location data on a car is merely an invasion of privacy, whereas hacking the control system of a car would be a threat to a life.”1
For organizations choosing an IoT platform, cybersecurity risks need to be identified and addressed.
IoT platforms can help
Like a computer operating system, an IoT platform provides a standard foundation for applications to build on, so they don’t have to be programmed to do everything from scratch. For example, a computer operating system handles all the intricate details of reading and writing data to a storage device, using standard data formats. This saves application developers a lot of time and effort—but just as important, it reduces the chaos and complexity that often results from every application doing the task its own way.
Key components of an IoT platform can include everything from hardware devices deployed in the field, to large mission-critical applications used by executive management to drive the business. The integration of these components into a comprehensive network of mission-critical infrastructure is an important and complex undertaking that can drive business value and competitive advantage for organizations that are able to do it effectively.
IoT platform components comprise the backbone of a network of hardware, software, data, and application components that together provide the means to take simple bits of data and transform them into powerful corporate tools.
Secure by design
Secure by design is the inclusion of security design principles, technology, and governance at every stage of the IoT journey. When an organization looks at creating, deploying, and leveraging connected technology to drive its business, security must be integrated into every component, tier, and application to preserve the integrity of the IoT solution and minimize the risk of cyber threats.
Developing IoT solutions around a standard platform allows organizations to develop security solutions for IoT devices in a consistent manner. In contrast, when organizations develop IoT platforms from scratch it can unknowingly increase the potential for cyber-related risks. IoT platforms typically include standard tools and methods that can promote good design habits and help developers build strong security into their solutions from the outset.
In addition, IoT platforms are commonly designed and tested holistically to validate that there is a high level of security deployed at every level, not only within individual components but also for all components working together as a whole.
Secure. Vigilant. Resilient.
As more connected technology is deployed throughout an organization, leaders should be asking key questions about their IoT solutions: Are we really protected? How do we know if we have been breached? Can we respond effectively to a cyber incident? How will we recover?
Organizations that ask these questions soon realize that having a strong security model isn’t just about being secure; it’s about being secure, vigilant, and resilient. What does “secure, vigilant, and resilient” mean in the context of IoT?
Secure
Like fences and locked doors in the physical world, these are the mechanisms designed to keep bad actors out.
Key question: "Are we really protected?" Secure IoT requires hardening the end-to-end solution. Organizations should include secure components—such as secure code scanning, vulnerability management, application security, and identity/access management into each tier of the IoT landscape.
Vigilant
Like security cameras and a guard at the front desk, capabilities in this area help sense, detect, and predict cyber threats before they become attacks; attacks before they become breaches; and breaches before they become crises.
Key question: "How do we know if we’ve been breached?" Being vigilant around IoT requires having the people, processes, and technology components to identify network and physical vulnerabilities, identify known and unknown assets, and periodically test protection levels.
Resilient
The ability to manage cyber incidents effectively—responding quickly to minimize the damage from an incident, and getting operations back to normal as quickly as possible.
Key question: "Can we respond effectively to a cyber incident?" Being resilient is understanding the potential impacts and having response plans to recover from a cyber event.
Benefits of IoT
The potential benefits of IoT are tremendous, but so are the associated cyber risks. Secure IoT by design examines the risks associated with IoT and highlights the cybersecurity capabilities IoT platforms must have in order to address cyber risks effectively.
IoT solutions are connecting digital and physical worlds in innovative ways—with breakthrough business results.
Explore our IoT offerings
Learn more about Turnkey IoT, our suite of preconfigured solution accelerators
Explore our interactive site and learn how organizations are securing the IoT in a cyber everywhere world.
Recommendations
Cyber risk management and the IoT: A video series
Being secure, vigilant, and resilient in the connected age
Turnkey IoT accelerators
What if the best version of your business was weeks—not months—away?