‘Maintaining IoT Device Security is War: The Three Must-Haves You Need to Win the Battle’ From Lantronix
As more and more devices get on the Internet, the IoT attack surface grows, giving nefarious individuals juicier and broader targets. High-value critical assets found in hospitals, office buildings, manufacturing plants and homes could be vulnerable to attack due to inferior embedded security systems.
It requires considerable effort to design in robust security and even more work to ensure that devices are deployed correctly. Be wary of any IoT solution that claims to be totally secure.
Right now you might be thinking: why would an IoT enablement company, one that prides itself on the security of its products, admit such a thing?
That’s because security is not a “one and done” thing. Just as security in the IT world requires constant vigilance, there is a dawning realization that equal if not greater precautions are needed when it comes to IoT security. From the component supplier to the OEM, to the end-user and then the hosting provider, security is an ongoing battle where success is a product of participation and partnership between multiple allies.
So how is it possible to establish and maintain effective enterprise security within an IoT device? Successfully staying ahead of digital adversaries requires these three things:
Start with a security mindset that begins at the component and connectivity level. For OEMs and systems integrators building or deploying an IoT solution, security starts with choosing partners and suppliers with proven track records in delivering solutions that address security. Below are some key questions to ask when considering which building blocks to use for your IoT solution.
What security protocols and features do your vendors build into the components you use?
What is their policy and philosophy in supporting security in firmware updates?
Do they meet stringent security standards like FIPS 140-2, FIPS 197, etc.?
Will the device be deployed behind a firewall or is it unclear how your customer will deploy the device?
What encryption and authentication protocols are built in to ensure secure data transmission?
Building in security-friendly features as part of your IoT solution and cloud computing. Unlike the IT world, where security often revolves around one set of users and a similar set of devices, the IoT world is much more complicated. Unlike a laptop or desktop PC on the enterprise network, an IoT device or machine is often accessed and used in many different ways by different types of users, from end-users to system integrators to service and maintenance personnel and OEMs. In addition, many of these devices are interacting with other dissimilar devices.
Simply setting up password protection on the network or a device won’t be enough to keep out hackers. Building in policy-driven security features allows administrators to manage who can access what data on the device and when. In addition, data security can be significantly improved by adding features such as role-based access capabilities and strong encryption.
For business-critical applications, it’s important to consider building in features that address sensitive post-deployment scenarios, such as maintenance and support. Incorporating advanced features, like a wireless simultaneous soft access point, can enable outside service personnel to obtain secure access to a device without having to expose your customer’s network or disrupt on-going device operations.
Following best practices in security during device deployment. In today’s world, device security requires a commitment to continuous vigilance, which includes upgrading networking equipment to meet the appropriate levels of protection for the situation your device is being placed in. A recent PSA from the U.S. FBI on IoT device security made the following recommendations:
Ensure all default passwords are changed to strong passwords
Purchase IoT devices and solutions from manufacturers with a track record for security and providing on-going updates
Disable UPnP on routers
Maintain firmware and security updates and patches
Isolate IoT devices on their own protected networks or behind a firewall
For additional Lantronix product information or technical support, contact Symmetry Electronics, an authorized distributor of industry leading wireless, audio/video and embedded chips, modules and dev/eval tools (877) 466-9722.