16 Ways IoT Builders Can Keep User Data Safe


The Internet of Things connects a wide variety of devices, from kitchen appliances to smartphones, to the Internet and to each other. Through sensors, software and processors, these devices can exchange information to perform certain functions, simplifying everyday tasks by learning and anticipating the needs of the user.

The conveniences and services consumers look for from their IoT devices require “fuel” — and the fuel that powers IoT devices is data. IoT devices are constantly collecting and exchanging sensitive data; therefore, a compelling priority for any company producing technology for IoT is data security.Here are the 16 members Forbes Technology Council Share strategies to help IoT companies ensure optimal data security for their latest products.

1. Implement Zero Trust Security

IoT providers should implement a zero-trust security paradigm that requires teams to eliminate implicit trust exploited by malicious attackers. It should be applied in all areas of IoT ecosystem design and implementation, improving the security posture of products. – Raj Utraja, gore mutual insurance

2. Prioritize the safety of your own and supplier operations

Manufacturers cannot protect customer data without protecting their own operations. In addition to IT security measures to protect customer data, companies using IoT technologies must prioritize the security of their own and their suppliers’ operations through strategic partnerships and extensive collaboration. Visibility and monitoring are key to ensuring uninterrupted operations. – Ryan Moody, ABS Group of Companies


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs, and technology executives. Am I eligible?


3. Protect data throughout its lifecycle

For IoT companies, security needs to be considered from the start, and data security means looking at how to protect data throughout its lifecycle. Consideration needs to be given to the security of when and where data is generated and collected, as well as transmitted and stored. Policies should be developed and enforced for the safe use of data throughout the process. – Liu Tian, Hillstone Network

4. Consider device, network, and backend system vulnerabilities

There is no “one size fits all” approach. Risk needs to be mitigated throughout the IoT lifecycle to include individual-level vulnerabilities in devices, networks, and user and customer backend systems. Encryption needs to be used judiciously at every data point. – Banjin Chandra, Dianfang LLC

5. Add a cybersecurity SME to your design team

The key to keeping your product safe is to think about safety from the start. Your product team should include a cybersecurity subject matter expert. They should participate in design discussions, daily standups, and code reviews of any new product or any new feature added to an existing product. – Jeffreyton, video

6. Continuously evaluate safety and reliability

Your IoT application platform needs to be “bulletproof”. Nearly all technology-based cyber threats today exploit vulnerabilities in application and operating system code. IoT developers must constantly evaluate the security and reliability of their products from start to finish. Additionally, they must gather cyber intelligence about their products and integrated components from the dark web. – Howard Taylor, Radware

7. Encrypt data in use, in motion and at rest

In addition to building a fully web-ready human culture, all companies producing IoT technology should encrypt data in use, in motion, and at rest. Data should also be physically “air-gapped,” meaning backups should be stored offline and offsite. – Tara Anderson, frame security

8. Adopt an end-to-end approach to security

Due to the complexity of IoT, CISOs should take an end-to-end security approach to securing IoT solutions. I recommend first defining your current security maturity model level. Then, identify the actions needed to get to the desired stage, while addressing strategies, issues, and needs based on gaps.At Microsoft, we follow IoT Security Maturity Model Practitioner’s Guide. – Pablo Junco, Microsoft

9. Choose the right cryptography based on your use case

Encrypt everything anytime, anywhere. This means encryption using a cryptographically sound cipher suite at rest, in transit, and in processing where feasible. However, it’s also important to choose the right encryption for your use case – knowing when you should use stream ciphers and block ciphers so that performance is not compromised. You don’t want an extremely safe product that no one uses. – Sasha Zgeral, sales force

10. Make sure the data storage service has a solid track record

It is absolutely essential for companies to know where their customer data is stored. In the absence of in-house capabilities to provide best-in-class digital and physical security for owned data, external services can be leveraged. But make sure the companies offering these services have a proven track record of maintaining a high level of data security. – chintanshah, Brainvire Information Technology Corporation

11. Anonymizing Sensitive Data

Companies must protect data at the source, and one effective approach for IoT companies is to integrate data-centric protection into the analytics pipeline. This means anonymizing sensitive data using masking, tokenization, and encryption, depending on how the data is used downstream. Protecting data at the time of its creation and throughout its lifecycle helps companies comply with data privacy laws. – Amish Divadia, Baffle Company

12. Work closely with hardware manufacturers

Work closely with IoT chip and firmware manufacturers. These companies are investing in PSA Level 3 certification and using advanced technologies such as physical unclonability and decoupling the logic and software that runs IoT devices. Take advantage of the smarts in the hardware world to beat script kiddies. – James Beecham, ALTR

13. Allow only authorized access to data through zero-trust, end-to-end encryption

Today, with the increased use of IoT, enterprise systems are more prone to data breaches as the threat landscape rapidly evolves. The only solution is zero trust, end-to-end encryption, allowing only authorized access to the data. Encryption and cloud data centers with remote servers using smart devices and embedded systems as well as IoT gateways are essential. – Damesh Acharya, root net

14. Hire security experts and third-party testers

A multi-pronged approach must be taken to all new developments. Make security experts part of the team – they should be involved in the entire project, from architecture development and planning to code review and product release. Also, consider using an external third party for penetration testing and any other meaningful security testing. Finally, pay an independent third party to crack the program. – Jay Marshall, Eyelock LLC

15. Establish the need for regular password updates

Make sure you have a process in place that requires users to change their passwords to ones that contain letters, numbers, and special characters, and renew them every 60 to 90 days. This will ensure that the user’s data is protected on the device. – Margarita Simonova, ILoveMyQA

16. Establish a transparent data security policy

Data protection will define the future of IoT. Sensors are constantly generating and cross-referencing data. Transparent policies that address cybersecurity concerns, oversee device access, establish physical and logical identities of devices, and perform regular audits are key. With six IoT devices in every person on the planet, there is no room for error in the streamlined data processing of IoT. – Robert Stzelecki, gentle hut



Source link

Leave a Reply

Your email address will not be published.