IoT Security- Big data will be collected from IoT devices. IoT device accuracy both in the data produced and its transmission must be near flawless. The vast number of IoT devices that will be deployed places a burden on the IT staff and in business operations.
Approaching IoT Security
You need to pursue a global, holistic, macro, and micro views of IoT security. You have to inspect everything from the IoT devices, the networks connecting the devices, the management platforms, regulations, and the standards involved.
Deploying IoT devices is driven by business operations as well as IT. A conflict may occur determining who owns the end devices and who manages them. Operations departments may use cloud services and ignore and bypass the IT department. IT should be involved as an advisor to the business operations.
Enterprises need to consider the possible risks of the introduction of IoT devices. Both industrial and consumer products look more vulnerable than traditional IT devices. If business operations are part of the effort to deploy IoT devices, they should understand the risks and develop a balance between connecting IoT devices to IT versus creating their own shadow IoT support independent of IT.
You need to deploy strict identification and authentication processes. There will be endpoint devices that are part of industrial IoT environment. You may also deploy some devices from the consumer products available. In either case encryption becomes mandatory. There many wireless services that could be deployed as well as wired services, both eventually travel over the Internet.
You need to investigate your management platform as well. It may be adequate for the endpoints that you already own. It may have to be upgraded to support the wide range of IoT devices that you expect deploy.
If you decide to deploy edge computers at or near the IoT devices, investigate those edge computing devices to ensure that they provide the security control that the endpoint IoT devices may not contain. You may also want to implement applications in the edge computers. Therefore, the edge computers have to be evaluated against the attack surfaces and vulnerabilities as well as the endpoints.
Finally, you need to consider your adoption of standards. There many national and international organizations already in existence for protecting consumer and financial data. There are also federal and state regulations. Make sure your data is transmitted and stored according to the standards and regulatory requirements.
Attack Surfaces and Vulnerabilities
There is a long list of vulnerabilities specified in the “IoT Attack Surface Areas Project; The OWASP IoT Attack Surface Areas” by the Open Web Application Security Project. The IoT Attack Surface Areas Project provides a list of attack surfaces for those looking to deploy or implement IoT technologies within their organizations that should be considered and addressed by vendors, providers, developers, and security researchers. The list includes attack surfaces such as, hardware, storage, networks, interfaces, applications, APIs, authentication, and authorization. Use the vulnerability list as one form of checklist for IoT security.