In this era of digital transformation, where companies are deploying digital technologies to improve their operations, deliver value to customers, and gain a competitive edge, IoT initiatives invariably form the backbone of those efforts.
Huge amounts of data are generated by and collected from a wide variety of IoT devices. It is then analysed and actions taken, depending on the results of the analysis. However, if you cannot trust the data and the devices that produce it, there is no point in undertaking the massive effort required to collect and analyse it in the first place, or even worse, make business decisions based on it. IoT security is all about enabling that trust, and that’s why it is such an important topic today.
Many IoT devices simply were not built with security in mind. The introduction of connectivity to legacy devices where it was never the original intention, or to newer devices whose designers lacked the expertise to develop for high-security networked environments, can result in the introduction of new and unanticipated vulnerabilities. And those vulnerabilities can be exploited by attackers to use an IoT device as a point of entry into a network, which they can then leverage to go after higher value systems and data.
The diversity of IoT devices and lack of standardisation pose challenges. However, proven time-tested security techniques – adapted to the IoT environment – are the key to addressing these. Digital certificates to uniquely identify devices and form a root of trust for IoT systems, firmware signing to ensure that devices can accept authentic and unaltered updates and security patches to eliminate discovered vulnerabilities, and encryption to protect sensitive data collected by IoT devices are three important technologies to enable a secure and scalable IoT.
Securing the IoT is dependent on authenticating connected devices as an important part of ensuring that each one can be trusted to do what is expected of it. If organisations cannot trust the data and the devices producing it, why undertake the massive effort required to collect, analyse, and base decisions on it?
By providing each device with a unique identity that can be authenticated whenever it attempts to connect to a gateway or central server, it is possible to track its connection history and behaviour. Should a device behave in an unexpected way, an administrator can then quarantine it or revoke its network privileges.
Two thirds of the respondents to a recent survey, however, cited the poor authentication capabilities of IoT devices as one of their main security concerns – and with good reason. Strong authentication, based on a root of trust embedded at the time of device manufacture, is a linchpin to enable lifecycle security for medical devices.
In the case of medical IoT devices, assurance is required that the integrity of the device is maintained. It is crucial, for example, that a device receives the correct information to ensure it carries out the right action – such as delivering the correct dosage or recording the right measurements – at the right time. When a patient’s health is at stake, there should never be any doubt as to the integrity of the device and the data on which it relies.
Digital birth certificates
Providing this assurance, therefore, requires a solution that protects both the transfer and receipt of critical data, authenticates the addition of any new devices to the network to establish a root of trust and identity, and offers end-to-end encryption with strong key management. Only with such provisions in place can we be fully confident that our connected devices are secure.
Hardware security modules (HSMs) help IoT device manufacturers create a unique device identity or ‘digital birth certificate’ that can be authenticated when a device attempts to connect to a gateway or central server. With this unique ID in place, a device can be tracked throughout its lifecycle, and can be communicated with securely and prevented from executing harmful processes. If a device exhibits unexpected behaviour, its privileges can simply be revoked.
IoT security is seen by many today as a barrier to their IoT projects, particularly when treated as an add-on as opposed to a core component that must be designed in from the beginning. Security getting a seat at the table from the inception of IoT projects will evolve from being the exception to being the rule. And rather than being the ‘no’ people, the security team must recognise its role as a key enabler in the IoT, navigating the vast ecosystem of connected products and platforms, and developing ways to ensure and maintain trust.
About nCipher Security
Today’s fast moving digital environment enhances customer satisfaction, gives competitive advantage and improves operational efficiency. It also multiplies the security risks.
nCipher Security, a leader in the general purpose hardware security module (HSM) market, empowers world-leading organisations by delivering trust, integrity and control to their business-critical information and applications.
Its cryptographic solutions secure emerging technologies – cloud, IoT, blockchain, digital payments – and help meet new compliance mandates, using the same proven technology that global organisations depend on today to protect against threats to their sensitive data, network communications and enterprise infrastructure www.ncipher.com.
© Technews Publishing (Pty) Ltd | All Rights Reserved