IoT Security from the Ground Up

How to safeguard your network in the age of the Internet of Things.
By Chris Francosky
Mar 05, 2018

According to a recent study from Ponemon Institute that surveyed 16,450 IT and IT security professionals working in mobile and Internet of Things (IoT) security, only 30 percent of respondents said their organization dedicates an appropriate amount of budget to secure mobile applications and IoT devices. As the number of IoT endpoints skyrockets, this low attention to security is a significant concern. While the data generated by IoT devices can create great value for businesses, it also represents a growing treasure trove for cyber criminals.

You can reduce your exposure to IoT security risks by following the best practices discussed below:

Design Considerations
Are you building your IoT solution with security in mind, or is it an afterthought? If security is not prioritized in the initial design, it will be more difficult to integrate later in the process. Identifying potential threats early in the design stages allows you to proactively reduce liabilities and be better prepared if a breach occurs.

As you are building an IoT application, weave security into every aspect of its design. Assign at least one member from the development team to be focused on security, and, if possible, have that person complete an industry-standard security certification. Also, establish protocols for internal security and regular testing, and update future guidelines based on those findings.

Data Encryption
Is your data sufficiently protected? Many IoT devices transmit some degree of confidential or personal information. Some examples include patient information (in the health-care industry), credit card numbers (for retailers) or Social Security information (with financial services organizations). Data encryption changes information so that it is unreadable to threat actors that may be eavesdropping on the connection.

To sufficiently protect data in transit, at a minimum it is critical to deploy a site-to-site VPN tunnel from the IoT operator network to the back-end server's network. Doing so enables encrypted data transmission across the most vulnerable segment of the network path. That said, even under the assumption that the VPN tunnel is between two trusted networks, it is still important to use controls for strong authentication on the endpoints should a device or the channel be compromised.
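One way to apply endpoint authentication inside the tunnel, shown as an added example that is not from the original article: the back end checks a per-device HMAC-SHA256 tag, a timestamp and a counter on every message, so a forged, altered or replayed reading is rejected even though it arrived over the VPN. The device ID, key, field names and 30-second window are constructed assumptions.

```python
import hashlib
import hmac
import json
import time

# Constructed per-device keys (assumption: provisioned out of band, one per device).
DEVICE_KEYS = {"sensor-01": b"constructed-demo-key-01"}
MAX_SKEW_SECONDS = 30   # assumed freshness window
last_counter = {}       # device id -> highest counter accepted so far


def sign(device_id, key, counter, ts, data):
    """Device side: serialize the reading and compute its authentication tag."""
    body = json.dumps(
        {"id": device_id, "ctr": counter, "ts": ts, "data": data},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return body, hmac.new(key, body, hashlib.sha256).digest()


def verify(body, tag, now=None):
    """Back-end side: authenticate the sender, then check freshness and replay."""
    now = time.time() if now is None else now
    try:
        msg = json.loads(body)
        device_id, counter, ts = msg["id"], int(msg["ctr"]), float(msg["ts"])
        key = DEVICE_KEYS[device_id]
    except (ValueError, KeyError, TypeError):
        return "reject: unknown device or malformed message"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):   # constant-time comparison
        return "reject: bad tag"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return "reject: stale"
    if counter <= last_counter.get(device_id, -1):
        return "reject: replay"
    last_counter[device_id] = counter
    return "accept"


if __name__ == "__main__":
    key = DEVICE_KEYS["sensor-01"]
    body, tag = sign("sensor-01", key, 1, time.time(), {"temp": 21.5})
    print(verify(body, tag))                                # genuine message
    print(verify(body, tag))                                # same message again
    print(verify(body.replace(b"21.5", b"99.9"), tag))      # altered in transit
```

Because each device has its own key, one compromised device can be revoked by deleting its entry without re-keying the rest of the fleet.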
