CSA's IOT Security Report

CSA's IOT Security Report

Last week’s DDoS attack was the largest of its kind in history, and shows how easy Internet of Things devices can be compromised and used to conduct massive cyber-attacks. The attack has caused serious concern among the technology community regarding the level of security provided by IoT developers and the risk devices pose towards the cloud.

The attack was foreshadowed earlier this month with the release of Cloud Security Alliance’s (CSA) report, Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products. The 75 page report provides an in-depth security guide for IoT designers and developers and how to ensure that their products are as secure as possible. Chair of the CSA’s IoT Working Group Brian Russell recently spoke to ZDNet about the report:

"It is often heard in our industry that securing IoT products and systems is an insurmountable effort," he said. "We hope to empower developers and organisations with the ability to create a security strategy that will help mitigate the most pressing threats to both consumer and business IoT products."

As noted in the article, an estimated 50 billion IoT devices will be in circulation and connected by 2020, greatly increasing the likelihood of a substantial threat. As the report states:

"The consequences of a particular IoT product being used to compromise sensitive user information or worse, to cause harm or damage, will be catastrophic to the product vendor."

 The report contains a comprehensive 13 step program for securing IoT devices:

  1.  Start with a Secure Development Methodology
  2. Implement a Secure Development and Integration Environment
  3. Identify Framework and Platform Security Features
  4. Establish Privacy Protections
  5. Design in Hardware-based Security Controls
  6. Protect Data
  7. Secure Associated Applications and Services
  8. Protect Logical Interfaces /APIs
  9. Provide a Secure Update Capability
  10. Implement Authentication, Authorization and Access Control Features
  11. Establish a Secure Key Management Capability
  12. Provide Logging Mechanisms
  13. Perform Security Reviews (Internal and External)

Simply put, the need for resilient IoT security is becoming increasingly important and is something developers will need to focus on to combat cyber-attacks like last week’s DDoS hack.  

Stay up-to-date with the latest market developments, trending news stories and industry advances with the Research and Markets blog. Don’t forget to join our mailing list to receive alerts for the latest blog plus information about new products.

Published by Research and Markets