With a 19 trillion-dollar market size by the year 2020, it’s no surprise why the Internet of Things (IoT) manufacturers are racing against time to create IoT products for consumers, enterprises, and governments. The merging of cloud, big data, wireless technology, endpoints, and the Internet of Things, can create a critical situation for security experts. More than 50 billion IoT devices will be made available across all industries including automotive, education, home appliances, consumer electronics, banking, medical, manufacturing, and more. This also presents 50 billion security risks.
Here’s why: most IoT manufacturers create their products using traditional supply chain, engineering and assurance processes that do not adequately address the complexities of IoT technology.
As the Internet of Things (IoT) continues to grow and gain traction, so does the gamut of concerns security experts raise. That’s why it’s more important than ever for IoT manufacturers to evolve and design products with security, safety, and quality in mind. Device manufacturers should start caring about the safety and privacy of their users and not just revenue generation.
In addition, quality policy creation and implementation are major factors in the success of IoT security, and regulatory bodies, including those in government, must add value to the endeavor.
So, what can be done? Here are recommended actions for manufacturers:
Employ a Secure Software Development Lifecycle (S-SDLC)
This involves baking security into products by design. It also includes challenging/testing/validating security theories and performance throughout the product lifecycle. The test starts with threat modeling of a system to identify all potential threats and vulnerabilities from a hypothetical attacker's point of view. The purpose of threat modeling is to provide IoT manufacturers with a systematic and detailed analysis of a possible attack and build mitigations into products to address the identified security threats.
Also, part of the S-SDLC and post-product release is performing routine security testing and ensuring that there is a detailed incident response plan for conducting and addressing vulnerability reports.
Engage in ‘Privacy by Design’
This is an approach to systems engineering which takes privacy into consideration throughout the whole engineering process. This concept is an example of value sensitive design. The process includes performing Privacy Impact Assessments (PIAs), a tool for identifying and assessing privacy risks throughout the development life cycle of a system. PIAs help design more efficient and effective processes for handling personal data. This action will also support compliance with General Data Protection Regulation (GDPR).
Follow best practice/or develop in-house secure standards
As the IoT industry evolves, the need to standardize common IoT backend tasks has now become crucial. Although standardization of IoT processes is still in its infancy, manufacturers should strictly follow general best practice or develop secure standards in-house.
By prioritizing privacy, baking security into IoT products at the early stages of development, and following best practice, IoT device manufacturers will produce better, more secure devices for the IoT market.