Jasper is now part of Cisco

Mastering IoT security – It takes a village

February 14, 2017

by Sanjay Khatri

Always-on, anywhere connected services and experiences are transforming our business world and personal lifestyles, thanks to the Internet of Things (IoT). Yet making our lives simpler via IoT requires a complex ecosystem of players – from the device manufacturer to the automated managed connectivity platform to network service providers – all focused on how to make it happen seamlessly and securely.

In other words, delivering secure IoT services takes a village. For more than a decade, at Cisco Jasper we’ve seen what’s going on every day with thousands of customers across dozens of industries. Without question, real-time monitoring of device connectivity helps identify vulnerabilities, and automated actions fortify against risk.

Security concerns affect every player and every layer in the IoT ecosystem. In our new blog series on IoT security, we’ll spotlight real-world companies and how they effectively manage security for different levels of risk. In this article, we’ll introduce the players and some of the key layers.

Optimizing security with the IoT village

For managing IoT security, no one provider covers everything. Everyone in the value chain plays a critical role in making an IoT business secure. Whichever role your business plays in this ecosystem, it’s important to consider all the various players, and make sure that each one is delivering the best security in their arena, so you don’t have to reinvent the wheel at your level to fill in any gaps.

Like a village, the players in the IoT ecosystem are interdependent, especially when it comes to security. Typically, the players include:

  • Device manufacturer – Produces hardware equipped with a communications module, sensors and software for a specific purpose, which can be embedded into the “things” to be connected (e.g., cars, home objects, industrial robots, vending machines, point-of-sale terminals, municipal sprinkler systems, even livestock). Internet connectivity enables the transfer of data to and from the device, bringing the IoT services to life. Security at the device layer is mission critical as it impacts so many other parts of the overall solution.
  • Application developer – In-house or third-party partner providing software for a device, through which IoT services are delivered. Along with strict controls for authenticating user access, the software must have robust fraud detection and prevention mechanisms to protect data to and from the device. It provides an additional local layer of protection to supplement the heavy lifting of security at the network and IT infrastructure levels.
  • Enterprise – The organization deploying connected devices needs security protocols to protect not only the data transmitted to and from devices, but also to safeguard their IT infrastructure interacting with and managing the devices.
  • Network providers – There are many ways to connect devices – Wi-Fi, Bluetooth, satellite, mobile (cellular), low-power wide area networks, etc. Protocols and safeguard procedures, whether encryption standards, firewalls or SSL VPN, depend on the type of connectivity being used. For this series, we’ll focus our security examples around mobile cellular, Wi-Fi, and low-power wide area networks.
  • Major cloud platforms – There is a range of IoT software platforms used in IoT deployments. Those from IBM, Microsoft, SAP and Salesforce collect and process data from an enterprise’s deployed connected devices. There are also IoT platforms that remotely monitor and manage the connectivity of deployed devices, like the Cisco Jasper Control Center. Depending on the platforms and their intended use, providers need to implement stringent security controls to protect both the data and the enterprise customer.
  • Security company – Device software, cloud platforms, and enterprise IT may also benefit from a protective layer with industry-leading security software from companies like Kaspersky or Symantec. While these solutions are effective in local environments, they’re only a small part of the overall security ecosystem required for running an IoT business.
  • Standards bodies – Numerous national and international councils help drive recommendations and requirements for security protocols related to each layer. A well-known example in the payments space is the PCI Security Standards Council (for point-of-sale devices), which monitors threats and advocates standards to help businesses protect sensitive payment card data.

Snapshot of how Cisco Jasper plays a key role

As you can see, all the players in the IoT ecosystem have multiple security considerations. Using Cisco Jasper as an example, here’s a quick look at how we solve critical security issues at various layers, for enterprises using cellular connectivity to power their IoT devices:

  • Cloud platform layer – Our customers secure communications between connected devices and the applications in the cloud using automated rules in our Control Center automated connectivity management platform. Using our APIs, they can integrate these rules and controls directly into application platforms like Microsoft Azure, thereby combining connectivity security with application and data integrity.  
  • Device layer – Control Center augments the inherent security measures of mobile networks with additional authentication mechanisms that prevent unauthorized devices from accessing the cloud and the broader population of networked devices. Furthermore, Control Center continuously monitors for rogue and anomalous connectivity behavior to prevent potential security breaches.
  • Data transport layer – All data between Control Center managed devices and the cloud is encrypted and routed through secure VPN tunnels, making it inaccessible from outside networks. This prevents threats like DDoS and man-in-the-middle attacks that can compromise an individual device or an entire network of connected devices.

Key takeaways to guide your IoT security strategy

  • IoT security is never just one thing. The safeguards needed in a connected car or an IoT-enabled industrial robot are very different from those needed in a smart thermostat or home automation system. If an intruder can tap into a home network and turn up the heat, it’s not a huge deal. If someone hacks into a car and all the services monitoring safety, a family’s life is at stake.
  • Security levels should be device-specific. When it comes to security and encryption, the investment for each device should balance with the level of risk. The higher the risk, the more worthwhile it may be to invest in all the latest encryption for the devices. Employing other tactics like 24/7 monitoring and automated actions for fraud prevention adds a cost-effective layer of protection that helps minimize the security expenses across thousands or millions of devices.

Check out our next article in this series, “IoT Security – Key considerations for protecting connected devices,” where we take a deep dive into security at the device layer. You’ll hear how industry leading companies are getting it right, across multiple IoT application scenarios. Don’t miss it – subscribe to our blog!
