Best Practices
IoT security is like cake: It’s best in layers.
One of the fantastic benefits we get from the Internet of Things is that it extends the convenience of digital life into our physical world.
This is in large part due to the many devices that we find on our bodies, embedded in our homes and vehicles, and scattered among various other aspects of our daily lives.
Given the ubiquity of these devices I would make the argument that there are so many devices making up the IoT that there is no single solution to mitigate all threats.Hence, we have to layer our security for optimum protection.
5 Layers of Security
Let's start by acknowledging the reality that attacks are going to happen, despite our best efforts. Now lets make the assumption that some of these attacks are going to be at least partially successful — and address how we can layer IoT security to help limit, if not mitigate, the damage from these attacks.
The objective is to implement security in a way that doesn’t hinder the users ability to access the services offered by the IoT device or network.
I like to take a five-layer approach for both cake and security, but since we are talking about security and not cake, let’s start with authentication.
In many cases, the point of vulnerability in the IoT network comes at the edge where the user interacts with a device, this can be made more secure by implementing some form of authentication for each interaction.
This way the users, or their devices, have to authenticate before accessing whatever service the edge device offers. This might be as simple as a one time authentication the first time the device is accessed and then just passing a token after that.
This adds our first layer of security.
Keep It Anonymous
Next up is what I would consider the most important layer: data anonymity.
Working to keep the data collected anonymous from the very beginning helps to devalue it to an attacker and helps to protect the user and provider in the case of a successful attack.
It’s also just good form. Many users might not understand the risk they are taking with their data and it’s important for companies to take that extra step to protect the users.
The next layer is encryption. There is no reason to have communication between IoT devices traversing your network that is not encrypted.
Leaving IoT communication and data unencrypted is asking for trouble.
Even if you implement the first two layers, letting that data fly around unencrypted leaves it open to interception. Encrypt your communication between IoT devices or between a device and its platform.
Learning Opportunities
Webinar
Jun
6
The Future of Social Media: Emerging Trends and How to Stay Ahead of the Curve
The impact of emerging technologies like AI on social media
Webinar
Jun
7
The Building Blocks of Personalization
This webinar will explore how personalization can create powerful ecommerce shopping experience.
Webinar
Jun
8
Attracting—and Keeping—Your High-Net-Worth Investors
Join PwC to dissect their recent survey findings on a specific customer subset — high-net-worth investors.
Webinar
Jun
13
The Future of Contact Centers with AI at the Helm
Learn how to balance human intuition and interaction with the potential uses of AI to create delightful and lasting CX
Webinar
Jun
20
3 Steps to Unlock Your Customer Data and Drive Revenue
Discover how Twilio Segment’s #1 Customer Data Platform helps implement data-driven strategies.
Webinar
On demand
AI for Marketers: Optimize Personalization Across the Funnel
Understand the benefits of utilizing AI across your entire marketing stack
Make Sure It's All Up-to-Date
The fourth layer is ensuring that all of your firmware, software and security suites are up to date.
Letting any of these fall behind their newest updates can expose you to vulnerabilities that quickly become known by attackers who are keen to exploit such opportunities.
Having a policy in place to rapidly test and deploy any security updates in these areas can go a long way protecting your IoT network.
Now we get to the last layer. And that is to test and test again.
My grandfather, who was a carpenter, would always say measure twice and cut once. And though I have never had much of an aptitude for carpentry, it has become a concept I use repeatedly in my life as a technologist.
For me the measurement is testing, test everything, and test it twice. The cut is my implementation; if I have thoroughly tested my design and then tested it again it should stand to reason that my implementation should go fairly smooth.
And after I implement it I will keep testing to make sure everything is work, testing every layer of your security is a key task, not just to keep your network safe, but also for your peace of mind.
Future Proofing
Though the concept of the IoT, at least in a very early form, dates back to Kevin Ashton’s first use in 1999, there is little doubt that the way we know the Internet of Things today will be the way we know it in a decade.
Taking a multilayered approach to security will allow scalability as the networks grow and evolve over time.
Taking a single approach could leave us pigeonholed if something changes and it is not compatible.
But if we are approaching it from multiple layers, then there is always the opportunity to phase in a new layer if another is not longer functional. When you look at IoT security just think about cake — and those delicious layers.
