Firmware Architecture: Five Considerations for Developing Secure Devices in the IoT
There are several challenges for developers who want to build solutions for the Internet of Things (IoT). It is vital to take a few key considerations into account in order to build systems that are safe and secure.
The vast potential of the Internet of Things is threatened by several imposing challenges, and Thing developers bear the burden of meeting many of them:
1. How can designers properly care for the privacy, safety, and security of the information and functions entrusted to their Things?
2. How can a new breed of Thing developers, many with little or no professional embedded software experience, build reliable, efficient, and secure products?
3. How can even the most experienced embedded developers navigate the technical and business maze involved in integrating their Things into the Cloud?
While the challenges are daunting, Thing developers who navigate them successfully will be handsomely rewarded.
1. Adopt a Zero-Trust Data Privacy Strategy
One of the fallacies in IoT security is that solutions providers can focus their investment on fortifying the cloud data center and essentially ignore the security of the Things on the edge. This is dangerous thinking in the cloud era, and is downright folly in the IoT era. Attackers search for the weakest link, and if Things remain weakly protected, they will be targeted. Once a Thing is commandeered, attackers can use the Thing to gain access to the crown jewels in the data centers.
Another aspect of the fallacy is that there is not much worth protecting out on the edge. Things generate a hoard of valuable and private information about our health, our social activities, our location, and so on, and they present an incredibly valuable target for hackers.
As the IoT grows in complexity, it is not practical for developers to know or control how data will flow across the web and whether the various systems along the way will be worthy of our trust. As a consequence, Thing developers and their customers must adopt a zero-trust strategy, which divorces data protection responsibilities from devices, communications protocols, and cloud services. IoT data privacy is like the content protection problem for digital media.
Data owners must have the tools required to create flexible policies for authorized sharing, distribution, and access control of data, regardless of how it transits the web. For example, a wearable health-care device may encrypt information generated locally with a key that is controlled by the device owner and shared out-of-band only with health-care providers that have a need to know.
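The wearable example above, sketched in Go as an added example (not code from the original article): the reading is sealed on the device under the owner's key, so the protocols and cloud services in between handle only an opaque blob. The function names Seal and Open, the device ID "wearable-01", the demo key and the choice of AES-256-GCM are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on the wearable. It returns nonce||ciphertext||tag, bound to deviceID.
func Seal(ownerKey []byte, deviceID string, reading []byte) ([]byte, error) {
	aead, err := newAEAD(ownerKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The device ID travels in the clear for routing but is authenticated as AAD.
	return aead.Seal(nonce, nonce, reading, []byte(deviceID)), nil
}

// Open runs at a provider that received ownerKey out-of-band from the owner.
func Open(ownerKey []byte, deviceID string, blob []byte) ([]byte, error) {
	aead, err := newAEAD(ownerKey)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("envelope too short: %d bytes", len(blob))
	}
	return aead.Open(nil, blob[:n], blob[n:], []byte(deviceID))
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte demo key
	blob, _ := Seal(key, "wearable-01", []byte(`{"hr":72}`))
	pt, err := Open(key, "wearable-01", blob)
	fmt.Printf("%s %v\n", pt, err)
}
```

A relay or cloud service that lacks the key can store and forward the blob but cannot read it, and any change to the blob or to the device ID it is filed under makes Open return an error.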