When customers conceptualize and design their IoT products, they should be aware that there are now emerging obligations necessitating the delivery of end-to-end fully secure IoT solutions. Depending on the market and target application space, these may include:
This list is merely the tip of the iceberg when it comes to IoT end-to-end security requirements. In addition to the above, customers also have to address the actual and material cybersecurity threats against their products. These threats are evident from the increasing volume, frequency, and severity of security incidents and attacks, which have resulted in compromised devices, stolen or lost data, and disrupted applications and critical systems in many publicized IoT security breaches.
Given the level of complexity and expertise in security that is required to begin tackling these requirements, how do you get started?
The first step is to perform security assessments and survey the threat landscape to get a clearer and more coherent picture of the risks and vulnerabilities affecting the customer’s IoT products at every level. This means assessing and uncovering the specific threats using threat modeling and hands-on penetration (pen) testing. The threat assessment and vulnerability testing should ideally be performed not just at the device level but also at the network layer (e.g., wireless mesh networks, RF protocols, and mobile device connectivity). It should also cover any security measures and controls that exist in the customer’s cloud, data, and application layers, as well as privacy issues surrounding machine learning, data management, analytics, and automation. The test should be holistic and specialized to ensure the customer fully understands the scope and details of the security requirements they need to address as part of their design, production, and device life-cycle process implementation.
IBM X-Force Red provides the subject matter experts and pen testers who can work with our customers to do exactly what is described above. Starting with a focused threat modeling workshop, they can explore the specific regulatory needs, privacy concerns, standards, and certification requirements. They can also discuss the specific threat models and scenarios the customer should be considering and designing mitigations for. Following this workshop, the customer will be provided with a high-level action roadmap that may include additional activities, such as specific pen testing on some or all of the areas mentioned above. Customers can then work directly with IBM to perform the assessments and get more details. Customers can also use the outputs of these assessment activities to inform how they should use our product security features, Secure Vault, and CPMS, as well as other IoT security capabilities that will be offered going forward.