IoT Security & Privacy : Discussing the IoT Threat Scenarios

IoT predicted to connect over 30 billion devices connected, taking the total worth to over $1.29 trillion by the year 2020. IoT growing at a compound rate of 15.6 percent seems to be the next generation of Industrial Revolution by modernizing companies with state of the art technologies. At the forefront of this IoT race is IBM with its supercomputer Watson which competed against former Jeopardy! winners in their own game and won the first prize of $1 million dollars in 2011.

Infographic Credits: IBM

 

IBM has come a long way in becoming the pioneers of the IoT revolution with their IoT platform built on top of Watson. Security, being a critical element of IoT, yet is too often neglected in the development of systems. As they say, “A chain is only as strong as its weakest link”, the same applies to IoT. The more devices that are connected, the more is the security risk of the whole project. Thankfully, IBM has all the whole shebang in place to counter this threat.

IBM’s IoT platform, Watson, boasts of a number of security features embedded deeply into its solutions. IBM closely monitors and works as per the reports of OWASP Internet of Things Project.

A few of the security implementations by IBM is as follows:

 

Secure by Design:

IBM ‘s Platform built in compliance with ISO 27001 standards with regular audits by internal and third party firms. This ensures basic security measures for the applications from the ground up.


Security Controls:

IBM gives the prospect of granular control over all the users from a single functional dashboard. Configurations for the management of roles, enabling of users, applications, and gateways. The granular control helps organizations manage hierarchy.

 

Advanced Security

IBM has its very own tool for Threat Intelligence for IoT which landscapes the connected devices and visualizes the critical risk chinks in the armor.

 

IoT and security expertise

IBM has deep IoT and security expertise to help our customers define and implement their IoT security strategy. They provide several IoT services offerings including an IoT security assessment workshop, an IoT threat intelligence quick win to identify anomalies, and an IoT data anonymization quick win to ensure data privacy while maximizing data utility.

 

Transport Layer Security (TLS)

Transport Level Security or TLS ensures that all the packets of data travel unsniffed right from the source to the platform securely. TLS has been turned on by default in IBM’s Watson.

As expected from a legacy IT Services company, IBM has always been a step ahead in the field of security. IBM observes a few points for the devices hosted on the platform or any part of the IBM ecosystem

Design for Security

Key takeaways:

  • Apply Secure Engineering principles to the design of connected devices and the environments in which they operate.
  • Defense in depth – have multiple layers of defense in the solution.
  • Devices are “in the wild” and now part of the attack surface.
  • Devices that were isolated before are now connected, which considerably broadens the potential significance of any security breach.
  • Fail-safe modes of operation must be assured for devices, even if they become isolated from communication with other parts of the environment.

 

Design for Privacy

Key takeaways:

  • Employ data separation, segregation, redaction, and data transform techniques to remove personally identifiable information.
  • Unique device identifiers can be considered personally identifiable in some situations.
  • Use ephemeral and separate identifiers in communications and data storage. Isolate associations with unique device identifiers and with unique personal information.

Credits: ftc.gov

 

Test for Security

Key takeaways:

  • Security testing techniques apply to devices as they apply to any other software systems.
  • Code analysis, ethical hacking, and other techniques apply to devices and device-side code.
  • Hostile environment testing extends beyond physical hostile conditions to include communications and networking hostile conditions.
  • If the code is correct, as validated by testing, the attack surface shrinks.

 

 

Security in the cyberspace has become the need of the hour with devices like electronic appliances and cars being connected to each other. If a person with a malicious intent breaks into one device then it would also compromise the reliability of the network as a whole.

 

Companies have come together to put forth frameworks to comply in the IoT security field in order to ensure a level playing field for all the IoT operators by ensuring that all the devices coming online would be secured.

 

 

 


Feel Free to share your thoughts in the comment section below.
Don't forget to follow us on Twitter, like our Facebook Fan Page and Add us to your circles on Google+ to keep you updated with the latest technology news, gadget reviews, launches around the world and much more
Tagged with