We are living in an era of the Internet of Things (IoT). Connected devices are now an intricate part of every aspect of our lives—from the cars we drive and the devices in our homes and offices, to the wearable devices on our bodies. While the upside is that IoT opens up a world of possibilities, the downside is that the increasing number of connected devices translate to more possibilities for hackers to target.
IoT security threats are further amplified since most users associate IoT functionality with traditional internet, causing them to have a similar assumption around IoT security. However, IoT technology differs vastly from traditional security patterns. While it is easy to secure the underlying network, blocking infiltration of IoT devices, before the device is activated, is a constant security threat. For it is entirely possible for hackers to penetrate a connected device during development or deployment.
It’s vital to rethink the approach to IoT security
IoT security, therefore, needs to be built from the ground up—embedded in the core project architecture at the conceptualisation stage. This can then be built into a multi-tier security system with bespoke solutions that match your exact needs.
Essential security controls include:
Using a subscriber identity module (SIM) to transmit data via a cellular network, instead of Wi-Fi or Bluetooth. This will control authentication, identity, and security on a chosen mobile network, and will effectively operate as a trusted gatekeeper.
Applying whitelisting—a ‘deny by default’ approach that enables only approved files or applications to be installed. With whitelisting, security defences are strengthened, and malicious software and other unapproved programs are blocked from running, even when new components or nodes are added.
Adding the extra layer of traffic segregationpreventsunauthorized device-to-device communications from taking place, without being whitelisted. Traffic segregation will prevent a single hacked unit from infecting the entire ecosystem.
Opting for a dedicated private access point (APN), which will prevent unauthorised access from devices that don’t have SIMs assigned to your organisation.
Strengthening the IoT ecosystem with security incident and event management (SIEM) technologies that monitor threats in real time.
IoT security depends on the right partner
The Vodafone IoT Barometer 2017/2018—the annual insight on the transformational role of IoT in the world of business—reports 82% of businesses identifying security as a critical factor in IoT decision-making.Additionally,75% of businesses cite security as their number one consideration when choosing connectivity for IoT projects.
This makes it critical for enterprises securing their connected products to choose the right partner. Equipped with adequate experience, technologically advanced products, and seamless services, the right partner can proactively fill the gaps and secure against threats.
Key partner capabilities will have to include adequate experience in device authentication and encryption technologies, security management experience in multi-device and multi-OEM markets, and compliance with regulatory and legislative requirements. Partners will have to be equipped with adequate security architectures that can be scaled if required.They will have to fulfil security configurations such as updates, certificates, and cryptographic keys that can be implemented acrossmillions of endpoints under real-time conditions. Finally, partners will have to offer customised services aligned to the unique IoT risk landscape of each business.