What You Need on Your IoT Security Checklist
For widespread deployment, Internet of Things (IoT) devices have to be relatively inexpensive — and this, in turn, could mean some security shortcuts. Likewise, in the rush to deploy IoT devices, security can get overlooked. These are reasons why IT should be proactive and involved in IoT deployments, getting the business to consider possible risks associated with the introduction of IoT devices and heading off shadow IoT implementations.
IoT security requires both a macro and micro view. This view has to be global and holistic, including not only the devices themselves but the networks connecting them, the management platforms, and relevant compliance and regulatory standards.
A strong IoT security posture includes strict identification and authentication processes, whether you’re using industrial or consumer IoT devices. Because your IoT data will likely traverse the Internet, you need to ensure your data is encrypted, and you need to make sure your management platform can support the IoT devices you expect to deploy.
If you decide to deploy edge computers at or near the IoT devices, investigate whether those edge computing devices provide the security controls that the endpoint IoT devices may lack. You may also want to run applications on the edge computers. In other words, evaluate the edge computers, as well as the endpoints, against the attack surfaces and vulnerabilities.
Attack Surfaces and Vulnerabilities
The Open Web Application Security Project (OWASP) has compiled a long list of IoT attack surface vulnerabilities that should be useful if you’re looking to deploy or implement IoT technologies. The list covers 17 attack surfaces, among them hardware, storage, networks, interfaces, applications, APIs, authentication, and authorization, and specifies 131 vulnerabilities across them.