Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

LPWANS: A Hidden IoT Security Risk

Make sure your company is not caught off-guard by low-power wide-area networks in corporate environments.
By Andrew Howard

• Limit your exposure: For high-assurance areas, limit the electronics allowed in the vicinity. For new electronic devices, have them evaluated to understand what antennas are present on the device and whether they match the documented components.

• Pick a trustworthy provider: An LPWAN network provider is similar to a cloud provider. Your security is dependent on their security. A provider will run the network using a standard protocol, such as NB-IoT or Sigfox. However, there are optional security features each protocol provides that the network provider may or may not be using. Some of the security tradeoffs are discussed in this article. The provider is also responsible for protecting the data on its platform. Ensure that it has the proper controls and policies that meet your company's requirements. Pay special attention to data-ownership rights and retention policies.

LPWAN devices will be physically present in corporate environments within the next few years. Preparing for them now will ensure your company is not caught off-guard.

As the chief technology officer at Kudelski Security, Andrew Howard is responsible for the evolution, development and delivery of the organization's technology strategy and solution architecture, including selecting and validating third-party technologies and managing research, development and labs. Prior to joining Kudelski Security, Andrew was a laboratory director at Georgia Tech, spearheading the university's information security research and advisory programs. He has served as advisor on emerging security threats to Fortune 250 CISOs and government bodies and has extensive experience as a security architect, strategist and technical leader. Andrew has an MBA in management of technology and a master's degree in information security from the Georgia Institute of Technology, and is a Certified Information Systems Security Professional (CISSP) and a Certified Information Security Manager (CISM).

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations