Jasper is now part of Cisco

IoT Security – Safeguarding your applications and the cloud

March 8, 2017

by Sanjay Khatri

Securing an IoT business is a multi-dimensional challenge. In this series, we’ve talked about how it takes a “village” of many players, and taken a deep dive into security at the device level, as well as at the network and data transport levels. Now it’s time to look at best practices for protecting your IoT applications and cloud infrastructure.

A holistic view of cloud and application-level security

Connecting devices to applications in the cloud makes them smarter and capable of delivering additional services. But it also makes them vulnerable to breaches in security from that very same cloud infrastructure. That’s why it’s mission critical to have robust security at the cloud and application levels — even a small crack can lead to catastrophic repercussions across a company’s entire IoT deployment.

Safeguarding both your IoT applications and cloud infrastructure requires a holistic approach, incorporating the best of traditional IT security along with even more sophisticated measures. While there are many factors to consider, here we’ll highlight two key areas:

1. Information security

To protect your organization and cloud infrastructure, you’ll want to consider digital and non-digital security practices. Adhering to standards such as ISO/IEC 27001 can provide a critical part of an overall strategy for ensuring information security in both IT and non-IT realms.

  • Digital — Employ traditional IT security elements that figure prominently in the enterprise security landscape such as intrusion detection systems (IDS), firewalls, encryption, and authorization solutions.
  • Non-digital — Establish controls to secure organizational information and documentation, as well as protocols for other areas such as legal protection (what happens if there’s a breach?), and human resources (what happens when someone with access leaves the organization?).

2. Application-level security

In addition to securing the overall environment, you’ll need to get more granular with controls for the IoT applications themselves:

  • Role-based access — Implement identity management and access control lists to ensure that applications in the cloud are giving the right access to the right sets of people. For example, only people authorized to handle sensitive financial information should be able to access customer usage metrics and billing data.
  • Anomaly detection — Ensure there is a central logic within each IoT application that detects anomalous or suspicious behavior, flagging any irregular patterns in network and/or data transport activities among or between devices. That way you can remove the impacted cloud applications from the network to prevent widespread disruptions.

Scenarios: Applying best practices for application security

Like other components in the IoT ecosystem, security at the application level has many dimensions. In addition to the technology side of things, there’s also the human side – the people administering services in the cloud. Below we look at application security best practices in two business scenarios and how real-world companies are putting them into action.

Consumer – Role-based access for connected cars

Many types of IoT services are delivered into a connected car, which means many different people are involved in managing those services. As they touch different parts of the customer experience, it’s important to control who can do what in terms of accessing application information. As an example, to meet service-level commitments, the auto maker’s tech support needs to ensure cars are connecting properly to the cloud services, and have access to diagnostics tools to fix connectivity or performance issues. Role-based security ensures they have access to only those parts of the solution that give them insights to do their job.

Enterprise & industrial – Application-level security for smart meters

Connected devices are patterned – if they deviate, then something is wrong. For instance, if a machine is designed to connect only once a day and it deviates, that’s a red flag. It could even be as serious as the recent “denial of service” attacks we’ve seen in the news, in which an intruder commandeers a device to flood the network with requests to force denial of service. They’re not hacking the device, but rather, using the device to hack the network to bring everything to a standstill. Ensuring applications can inherently detect anomalous behavior and curtail it is a powerful way to mitigate this type of risk.
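
The once-a-day pattern check described above, written out as an added example (it is not code from the original article or from any Cisco Jasper product). The device IDs, the 23-hour window, the flood threshold and the sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed profile: each meter is designed to connect once a day.
# A 23-hour window tolerates about an hour of schedule jitter.
WINDOW = timedelta(hours=23)
MAX_CONNECTIONS = 1      # expected connections per window
FLOOD_THRESHOLD = 4      # connections per window treated as a flood

# Constructed sample events (device_id, ISO timestamp); not real data.
SAMPLE_EVENTS = [
    ("meter-001", "2017-03-01T02:00:00"),
    ("meter-001", "2017-03-02T02:00:05"),
    ("meter-001", "2017-03-03T01:59:58"),
    ("meter-002", "2017-03-01T02:00:00"),
    ("meter-002", "2017-03-01T02:00:01"),
    ("meter-002", "2017-03-01T02:00:02"),
    ("meter-002", "2017-03-01T02:00:03"),
    ("meter-003", "2017-03-01T04:00:00"),
    ("meter-003", "2017-03-01T16:00:00"),
]


def detect_anomalies(events):
    """Return {device_id: "deviation" | "flood"} for devices off-profile."""
    recent = defaultdict(deque)   # device_id -> timestamps inside the window
    findings = {}
    for device, stamp in sorted(events, key=lambda e: e[1]):
        now = datetime.fromisoformat(stamp)
        seen = recent[device]
        seen.append(now)
        while now - seen[0] >= WINDOW:   # drop connections older than the window
            seen.popleft()
        if len(seen) > MAX_CONNECTIONS and findings.get(device) != "flood":
            findings[device] = "flood" if len(seen) >= FLOOD_THRESHOLD else "deviation"
    return findings


def devices_to_quarantine(findings):
    """Devices the application should cut off; deviations go to review."""
    return sorted(d for d, level in findings.items() if level == "flood")


if __name__ == "__main__":
    result = detect_anomalies(SAMPLE_EVENTS)
    print(result)
    print(devices_to_quarantine(result))
```

The meter with ordinary day-to-day jitter stays clean, while a second connection inside the window is held for review and a burst is cut off.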

Even at the cloud and application levels of the IoT ecosystem, security is not one size fits all. Your specific situation and use cases will drive your strategies and solutions. Regardless, as advanced as technology may get, the old Boy Scout motto still applies, “Be prepared.” It’s one of the smartest investments you can make to help you sustain a successful IoT business.

Stay tuned for the final article in our IoT Security series, which spotlights an IoT Security Checklist you can put into action. Be sure to catch it – subscribe to our blog.
