

Trustworthy and Resilient Connected Products

Developing and deploying secure products, by design

Improving usability and functionality, maintaining a competitive advantage, and extending the connectivity of the Internet of Things (IoT) are top goals for both product manufacturers and users of these products. While there are growing benefits to these increasingly connected things, those benefits can also quickly diminish if the cyber, safety, and privacy risks go unaddressed.

Connected products and their associated risks are under a microscope

With cyber everywhere, cyber vulnerabilities in connected products can be exploited to gain unauthorized access to data on—or transmitted by—products, the network, and the connected IT system. When products are compromised, threat actors can steal consumers’ information, manipulate data, exploit suppliers, hold systems or information for ransom, or manipulate connected products to harm consumers. In addition, the growing collection of new types of customer data (e.g., biometrics) significantly raises potential privacy concerns.


Why now? Regulation is on the rise.

Multiple pieces of legislation have been passed in an attempt to improve product security, safety, and privacy posture in the United States (US). The myriad of regulations is growing.

  • The US Senate proposed guidelines for securing products in the “Internet of Things Cybersecurity Improvement Act of 2017.”1
  • In 2018, California signed SB-327,2 a law requiring that manufacturers (selling to users in California) of a device that connects “directly or indirectly” to the internet must equip it with “reasonable” security and privacy features by January 1, 2020.
  • California also passed the California Consumer Protection Act (CCPA),3 which requires companies to adhere to privacy requirements on the collection and usage of California residents’ personal information by July 1, 2020.


Security and privacy everywhere. By design anywhere.

It is not easy to secure connected products in highly dynamic environments where threats change from day to day. However, there is a way to combat the growing regulatory and threat landscape.

Manufacturers should consider building “security by design” and “privacy by design” processes into their product development life cycle, so that a device is designed from the ground up to be secure and to incorporate privacy principles, rather than having security and privacy features added after the device has been delivered to the market.

This by-design approach takes into consideration many factors—new regulations and guidelines, the current threat environment, technical testing results and more—as the device is being designed, built, and tested.

Those who procure products should build security and privacy/sensitive information requirements into their procurement process and act to securely implement and maintain the product and associated data once acquired.


We can help—across the IoT and connected product ecosystem

Deloitte Cyber Product Safety and Security (ProdSS) services can help across the connected product ecosystems—product manufacturers, suppliers, third-party software and hardware providers, and digital platform companies—by lowering risks associated with advanced connected products.

Using a practical, business-centric approach, we advise many of the world’s largest, advanced global organizations on how to address product-specific issues and strengthen aspects of their product security and privacy programs, device architecture, and other issues related to the products they manufacture and/or acquire. Our wide range of services include:    


Trusted by the world’s leaders. Chosen by the world’s innovators.

We manage cyber everywhere so you can innovate anywhere. From the visionaries reimagining businesses and the disruptors changing industries to the pioneers creating new markets, Deloitte is helping organizations solve their complex problems. So you can build a confident future—one idea, innovation, and breakthrough at a time.

A cross-industry approach with continuous improvement and insights
Our deep industry view spans product, device, and other connected products across their lifecycles. We have experience performing product security and privacy maturity assessments for consumer products, health and medical device manufacturers; penetration testing products, medical devices, and connected vehicles; in addition to setting up customized monitoring tools on manufacturers’ lines and industrial control systems. Deloitte Cyber ProdSS professionals draw on the cross-industry insights and leading practices experience to identify issues and develop customized recommendations—isolating cyber gaps for clients that otherwise may not have been recognized.

We don’t rest there. Ongoing collective efforts are required to drive continuous improvement in connected product safety. Deloitte Cyber professionals contribute the insights garnered through project engagements across industries, applications, and connected things to assist in the ongoing development of standards and industry guidance. We have worked alongside Underwriters Laboratories and many other organizations, providing product security guidelines and standards feedback.

It is our commitment to help manufacturers and smart product consumers protect their data and realize the potential future of a hyperconnected world. And we are recognized for it by many of the world’s leading analysts: as a global leader in Internet of Things services, The Forrester Wave™; #1 by Gartner in market share for Security Consulting Services; and as a leader in Cybersecurity Incident Response Services, The Forrester Wave™.


End notes

1 California Legislative Information, SB-327, Information privacy: connected devices,

2 California Legislative Information, AB-375 Privacy: personal information: businesses,, S.1619, Internet of Things (IoT) Cybersecurity Improvement Act of 2017,

Get in touch

Wendy Frank


Principal | Deloitte Risk & Financial Advisory

Wendy, a principal at Deloitte & Touche LLP, is the Cyber IoT Leader in the Cyber & Strategic Risk practice of Deloitte Risk & Financial Advisory. She focuses on providing Cyber Risk services cross in...

Russell Jones


Partner | Deloitte Risk & Financial Advisory

Russell, a partner at Deloitte & Touche LLP, is the Medical Device Safety and Security (MeDSS) leader for the Cyber Risk Services Infrastructure practice of Deloitte Risk & Financial Advisory. He is a...

Veronica Lim


Deloitte Risk & Financial Advisory

Veronica has 30 years of experience in helping global companies transform their product security programs across several industries. Veronica is a founding member of Deloitte’s Product Security practi...
