Internet of Things (IoT) - Security Best Practices

Internet of Things Security Basics

The Internet of Things (IoT) is something of a technological movement expanding the connectivity of the internet beyond computers—to pacemakers and pedometers; to animal tags and car engines; to thermostats and washing machines.

But more than providing great new ways to manage our businesses, homes, health and entertainment, IoT is broadening the attack surface for hackers to steal personally identifiable information (PII), medical records, or intellectual property.

The challenge is that IoT comprises so many technologies and skill sets. These devices need a combination of embedded software security, data security, mobile application security and cloud security services. It’s an ongoing challenge to evaluate each area at a deep level while keeping view of the entire picture, but there are a few best practices that should help put the best foot forward in IoT security:

1. Harden your embedded OS and code running on the device.

   If your embedded system lacks safeguards, hackers will have a clear path into your IoT architecture. Failing to secure this level provides just another route into your cloud.

   
   
2. Encrypt data—at rest and in motion.

   You need to keep track of everywhere the data goes. The user data on the device, the web service, and the protocol communication from the device to anything else needs to be encrypted. The point is, if and when a device is hacked, you want to make sure user data remains secure.

   
   
3. Leverage authentication and authorization for communication to each device.

   Securing access to the device will prevent anyone other than the primary user who comes into possession of the device from using it to access information or send commands. You also don’t want to be the weakest link in a consumer’s collection of IoT devices allowing malware to spread and infect everything else.

   
   
4. Secure your mobile and web applications. Even a locked down device can be easily manipulated if the apps that talk to it are easy to break into.
5. Secure your cloud infrastructure. Ensure that the servers and networks powering your product are as resilient to attackers. They are inherently shared by others, out on the public internet, and you may have an exposed backbone upon which everything else is built.

Keep in mind that a viable security strategy must go much, much farther than these guidelines. For a tailored look into your architecture, Novacoast offers an Internet of Things Security Assessment & Penetration testing service.