Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

IoT Security from the Ground Up

How to safeguard your network in the age of the Internet of Things.
By Chris Francosky

Partner Integrity
Your network is only as secure as your weakest partner or link, so make sure each link meets or exceeds your security standards. A vast number of IoT applications rely on cellular connectivity, and this often involves three network connection partners:
• The mobile network operator (MNO)
• The IoT network operator
• The internet service provider (ISP)

If any of these third-party network providers do not meet security requirements, your data is at risk. It is crucial to vet partners to ensure they employ the most up-to-date protocols and technology, so be sure to conduct due diligence regarding proficiencies in the following areas:
• Intrusion prevention systems (IPS)
• Distributed denial-of-service (DDoS) defense systems
• Security patch and update processes
• Firewall models
• Real-time network operations monitoring
• Incident response

Access Control
Who can access your data and systems? In some instances, confidentiality is far less important than access control. An example use-case is an IoT application that locks or unlocks your car door; no confidential information is being shared, but you would not want unauthorized parties to access this system.

Understanding who has access to your data or systems is not always as easy as it seems. Employees may leave the company, be promoted or transfer to other divisions, but often retain access rights that should be changed or discontinued. It is critical to make sure privileges are up-to-date to avoid unauthorized access, whether unintentional or otherwise.

Furthermore, IoT devices should be designed with internal security components, allowing wireless connectivity to be protected. Ensure that devices with removable SIM cards are not accessible by unauthorized parties. If you use over-the-air application updates, implement a preventative mechanism, such as code-signing, to protect your devices from unauthorized updates.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations