“S" in IoT stands for Security
As you can see, there’s no “S” in IoT. By definition, IoT systems contain numerous connected devices, giving those with malicious intent multiple targets to scan for vulnerabilities. All devices in a network must be adequately tested, or the entire system is threatened.
You might recall an incident in 2016 when AWS, Twitter, Spotify, and other services were disrupted as the result of a major DDoS attack on Dyn. The root cause was defined as the availability of third party DNS service providers. A huge amount of vulnerable IoT devices were used to execute this attack. One can’t be too careful when it comes to applying security measures to IoT systems.
In our experience, security issues should be addressed and resolved during the process of product development, not after. Assuring security is a colossal challenge for developers working on IoT projects. The effectiveness of security measures depends mostly on how much effort and resources are put into it at the earliest stages of product development.
Here is a basic security measures checklist we apply to all our products:
- SSL/TLS encryption;
- Isolated VLA;
- Detached corporate VPN;
- Modern and updated anti-virus;
- End-user and machine-to-machine authentication;
- Vetted frameworks for web development and design;
This checklist is constantly updated and may vary according to the project at hand.