Here’s where a logical question arises: what should be done to overcome all the possible pitfalls on the way to secure IoT? It’s critical that all the entities in IoT infrastructure contribute to the protection of connected systems, from top management to users and third parties. Let’s see what issues should be addressed to lower risks and ensure data security.
Chief security officer’s take:
The earlier senior-level management gets on board with security, the better organized the company's security program will be. What are CSOs accountable for?
First, they should perform regular and all-embracing risk assessments and security audits to verify that no new devices or sensors are added without authorization and that no new vulnerabilities are emerging.
Second, they should ensure staff awareness and control over it. It's critical to put onboarding processes in place to make sure that all developers, employees, partners and customers are familiar with the security processes and policies. Another challenge is that employees may bring their own (BYOD) devices that connect to the corporate network. This means they should be provided with secure access to internal systems and
Another challenge arises when someone leaves the company and takes a device with them. This calls for additional security and process layers within the organizational structure.
And remember: nothing is perfect. All networks and devices are subject to a certain level of vulnerability, so an emergency plan is a must. Every minute a breach goes unnoticed costs your company lost money and unsatisfied customers.
What about IoT developers? They should care about security from the very beginning of product development and put this priority over price and sometimes over convenience of use.
Thus, developers should think through a security mechanism that meets the needs of the connected devices and network, taking into account memory constraints, bandwidth availability and computing power.
Today, applications are often composed of libraries and components rather than developed from scratch, so a large share of the risk can be eliminated by scanning these components for known vulnerabilities. Even better, employ proven and trusted technology stacks, encrypted channels and authenticated protocols (see the picture below):
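To make the component-scanning step above concrete, here is a small added example (not code from the original article) of how a software-composition check works: it parses a pinned dependency manifest and matches each component's version against advisory version ranges. The manifest text, the advisory list and the `ADV-PLACEHOLDER-*` identifiers are constructed sample data, not real packages' advisories; a real scan would pull ranges from an advisory feed instead.

```python
"""Minimal software-composition check for a pinned dependency manifest.

Added example, not from the original article. The manifest and the
advisory list are constructed sample data; advisory ids are placeholders.
"""
import re
from typing import List, Tuple

# Constructed sample manifest (requirements.txt style) for an IoT gateway.
SAMPLE_MANIFEST = """\
paho-mqtt==1.5.1
requests==2.19.0
# comments and blank lines are ignored

cryptography==41.0.7
"""

# Constructed advisory list: (package, affected-from inclusive,
# fixed-in exclusive, advisory id). Ids are placeholders, not real CVEs.
SAMPLE_ADVISORIES = [
    ("requests", "0", "2.20.0", "ADV-PLACEHOLDER-001"),
    ("paho-mqtt", "1.0.0", "1.6.0", "ADV-PLACEHOLDER-002"),
    ("cryptography", "0", "41.0.0", "ADV-PLACEHOLDER-003"),
]


def parse_version(v: str) -> Tuple[int, int, int]:
    """Turn '2.19.0' into (2, 19, 0); pads short versions so '1.5' == '1.5.0'."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break  # stop at a non-numeric suffix such as '1.2.3rc1'
        parts.append(int(m.group()))
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def parse_manifest(text: str) -> List[Tuple[str, str]]:
    """Return (name, version) pairs; refuse unpinned entries, since a scan
    cannot say anything reliable about a floating version."""
    deps = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.\-]+)==([0-9][0-9A-Za-z.\-]*)$", line)
        if not m:
            raise ValueError(f"unpinned or unparsable dependency: {line!r}")
        deps.append((m.group(1).lower(), m.group(2)))
    return deps


def is_affected(version: str, lo: str, hi: str) -> bool:
    """True if lo <= version < hi under numeric (not lexical) comparison."""
    return parse_version(lo) <= parse_version(version) < parse_version(hi)


def scan(manifest_text: str, advisories) -> List[Tuple[str, str, str]]:
    """Return (package, pinned version, advisory id) for every match."""
    findings = []
    for name, version in parse_manifest(manifest_text):
        for pkg, lo, hi, adv in advisories:
            if pkg == name and is_affected(version, lo, hi):
                findings.append((name, version, adv))
    return findings


if __name__ == "__main__":
    for name, version, adv in scan(SAMPLE_MANIFEST, SAMPLE_ADVISORIES):
        print(f"{name}=={version} is affected by {adv}; upgrade before shipping")
```

Two design points matter in practice: versions are compared numerically, because lexical comparison would rank `2.9.0` above `2.19.0`, and unpinned entries are rejected rather than skipped, since a manifest that floats versions cannot be audited.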