This 3 part article series gives a well-rounded understanding of key considerations in IoT security architecture. The article is presented in layman terms, which I like a lot, by Padraig Scully from IoT-Analytics in consultation with George Cora from Ardexa. I highly recommend reading all three parts (links at the bottom) and start planning for incorporating security in your IoT product architecture from the very beginning.
The author advocates a holistic rather than piecemeal approach when it comes to your IoT security solutions, all the way from the device hardware at the bottom to your intelligent application layer at the top of IoT stack. The author mentions 6 key principles spread across 4 layers to be covered for a reliable IoT security architecture and then goes about explaining why these principles matter, how they can make your IoT solution foolproof, and how to go about implementing these principles. You must read all the 3 parts of this article series to make use of these insights.
The author includes examples that are substantiated with lessons from IoT security breaches in the recent past such as rootkits planted at a plant floor or hacking of a medical device altering the patient's dosage. There are interesting insights such as the legacy systems that you think are 100% secure, but could prove to be the weakest link when you enable IoT into your infrastructure. Even the fine print of the service agreement with your cloud provider might throw in some surprising lapses - the data protection promise might not be as it appears to be.
As per the author, remote device management and security updates being done remotely are the trickiest to handle when it comes to IoT security. You must authenticate not only the users but also the underlying machines for a highly secure message interchange. You must have the logic to detect suspicious behavior before it's too late. There are some simple recommendations, too, which you must do such as encrypting the data not just during message transmission, but also when it is resting on the endpoint device or cloud. Go ahead and read this 3 part series and I am sure that you will feel confident when you know, even at a high level, what you will need to do to secure your IoT solution.
Follow the link at the end to read part 1 of the 3 part series.
Other parts of the series:
Part 2: https://iot-analytics.com/understanding-iot-cyber-security-part-2/
Part 3: https://iot-analytics.com/iot-security-lessons-from-recent-iot-projects/
The author advocates a holistic rather than piecemeal approach when it comes to your IoT security solutions, all the way from the device hardware at the bottom to your intelligent application layer at the top of IoT stack. The author mentions 6 key principles spread across 4 layers to be covered for a reliable IoT security architecture and then goes about explaining why these principles matter, how they can make your IoT solution foolproof, and how to go about implementing these principles. You must read all the 3 parts of this article series to make use of these insights.
The author includes examples that are substantiated with lessons from IoT security breaches in the recent past such as rootkits planted at a plant floor or hacking of a medical device altering the patient's dosage. There are interesting insights such as the legacy systems that you think are 100% secure, but could prove to be the weakest link when you enable IoT into your infrastructure. Even the fine print of the service agreement with your cloud provider might throw in some surprising lapses - the data protection promise might not be as it appears to be.
As per the author, remote device management and security updates being done remotely are the trickiest to handle when it comes to IoT security. You must authenticate not only the users but also the underlying machines for a highly secure message interchange. You must have the logic to detect suspicious behavior before it's too late. There are some simple recommendations, too, which you must do such as encrypting the data not just during message transmission, but also when it is resting on the endpoint device or cloud. Go ahead and read this 3 part series and I am sure that you will feel confident when you know, even at a high level, what you will need to do to secure your IoT solution.
Follow the link at the end to read part 1 of the 3 part series.
Other parts of the series:
Part 2: https://iot-analytics.com/understanding-iot-cyber-security-part-2/
Part 3: https://iot-analytics.com/iot-security-lessons-from-recent-iot-projects/
