siliconindia | | November 20189While ultimate security will likely remain elusive, we have to do all we can to add depth in our defenses and make it ever harder for adversaries to succeed in their nefarious endeavorsreport for security and risk professionals concluded that there is no single, magic security bullet that can easily fix all IoT security issues.A few of the key challenges to achieving a secure IoT can be outlines as below: · Many IoT devices lack basic security requirements· There is a plethora of IoT standards and protocols that create security blind spots· The scale and scope of IoT deployments hinder visibility into security incidents· There is a lack of clarity of responsibility regarding privacy and security.We can expect further sophisticated attacks that lever-age insecure IoT devices in the coming months and years. A world's leading research and advisory company placed security at the top of its list of top 10 IoT technologies for 2018. IoT security will be complicated by the fact that many `things' use simple processors and operating systems that may not support sophisticated security approaches.It's also complicated as simple things connect to be-come a vast network that reaches everywhere. According to a report released by a premier research company, · IoT security requires an end-to-end approach· Encryption is an absolute must· IoT security scenarios place a premium on scalability · Security analytics will play a significant role in IoT security solutions · IoT standards are important catalysts but still need time to matureBased on analysis of several research papers and in-dustry adoption, IoT security can broadly outlined into following key domains ­ · IoT Network Security: Protecting and securing the network connecting IoT devices to back-end systems on the internet.· IoT Authentication: Providing the ability for users to authenticate an IoT device, including managing multiple users of a single device (such as a connected car), ranging from simple static password/pins to more robust authenti-cation mechanisms such as two-factor authentication, digi-tal certificates and biometrics. · IoT Encryption: Encrypting data at rest and in transit between IoT edge devices and back-end systems· IoT PKI: Providing complete X.509 digital certificate and cryptographic key and life-cycle capabilities, including public/private key generation, distribution, management, and revocation. · IoT Security Analytics: Collecting, ag-gregating, monitoring, and normalizing data from IoT devices and providing ac-tionable reporting and alerting on specific activities or when activities fall outside established policies.· IoT API Security: Providing the ability to authenticate and authorize data move-ment between IoT devices, back-end sys-tems, and applications using documented REST-based APIs. The continued evolution of IoT-specific security threats will undoubtedly drive in-novation in this space; so expect newer IoT-specific secu-rity technologies to appear in the creation phase in the near future, many of which may align around vertical and indus-try-specific use cases such as connected medical devices or industrial applications.While cyber security is well understood amongst com-puting professionals, the attraction of IoT is drawing inter-est from new comers from all quarters who are significantly less familiar with contemporary best practices or even the full implications of a breach. An insecure IoT product may not be the ultimate target but could provide the pivot point for an attack elsewhere in the system. Cyber security is also a moveable feast; what is deemed secure today may not be so tomorrow. We can expect more of the same to apply as IoT applications emerge and mature. While ultimate secu-rity will likely remain elusive, we have to do all we can to add depth in our defenses and make it ever harder for adversaries to succeed in their nefarious endeavors. It's im-perative for today's digital businesses to balance the busi-ness benefits that IoT-connected products can deliver with the recognition that these same devices have become an attractive attack plane for hackers and cybercriminals seek-ing to cause disruption and exfiltration of sensitive data. Shashank Bajpai
< Page 8 | Page 10 >