Davra Storms MQ
Even though security is a big concern for many companies using IoT devices and networks, it is often left to the last minute to implement the necessary security measures.
Improved supply chain processing? Check! Process optimisation and automation? Check! Increased inventory management? Check! Network security measures in place? Hmm, maybe don’t “check” it until we’ve actually checked it out!
Network security is often an afterthought in many organisations due to the intangible benefits it brings to the organisation, or else it’s given thought when it’s too late. But we here at Davra love a good plan, and believe what gets measured gets managed. So even if you’ve nailed your supply chain processes and predictive maintenance, it’s imperative that you include security as part of the overall IoT implementation network.
In this blog post, we’ll be discussing the steps your organisation can take to mitigate any security risks your network may be subject to.
While it pays to have a good security system in place to combat hacks and errors, your team and employees play a massive part in ensuring the company networks remain impenetrable.
Following routine penetration testing checks, along with regular employee training, will maintain a healthy system and decrease the risk of infiltration.
An important and often overlooked method of network security is checking your authentication methods. Remember to check that each IoT device has its own unique ID that can be authenticated when the device attempts to connect to a central server or gateway. That way if a device is not communicating securely, its ID can be tracked and its privileges revoked to ensure it doesn’t do any harm.
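The check described above can be sketched as follows. This is an added example, not Davra's code: the `Gateway` class, the per-device key and the HMAC-SHA256 challenge-response are assumptions chosen for illustration, and `sensor-001` style IDs are constructed sample values.

```python
import hashlib
import hmac
import secrets


def device_response(key, device_id, nonce):
    """Device side: prove possession of the key, bound to this ID and nonce."""
    return hmac.new(key, device_id.encode() + b"|" + nonce, hashlib.sha256).digest()


class Gateway:
    """Hypothetical gateway that authenticates each device by unique ID and key."""

    def __init__(self):
        self._keys = {}        # device_id -> per-device secret key
        self._revoked = set()  # device IDs whose privileges were withdrawn
        self._pending = {}     # device_id -> outstanding one-time challenge
        self.audit = []        # (device_id, event) records used for tracking

    def enroll(self, device_id):
        if device_id in self._keys:
            raise ValueError("device ID must be unique")
        self._keys[device_id] = secrets.token_bytes(32)
        return self._keys[device_id]  # provisioned onto the device out of band

    def challenge(self, device_id):
        self._pending[device_id] = secrets.token_bytes(16)
        return self._pending[device_id]

    def verify(self, device_id, response):
        nonce = self._pending.pop(device_id, None)  # single use, so replays fail
        key = self._keys.get(device_id)
        if device_id in self._revoked:
            result = "denied-revoked"
        elif nonce is None or key is None:
            result = "denied-unknown-or-replay"
        elif hmac.compare_digest(device_response(key, device_id, nonce), response):
            result = "accepted"
        else:
            result = "denied-bad-proof"
        self.audit.append((device_id, result))
        return result == "accepted"

    def revoke(self, device_id):
        self._revoked.add(device_id)
        self.audit.append((device_id, "revoked"))
```

Because every decision is written to `audit` under the device's own ID, a misbehaving device can be traced and then cut off with `revoke` without affecting any other device.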
Various authentication measures such as multi-factor authentication (inherence, such as biometrics; knowledge; and possession), 2-factor authentication and 2-step verification are also incredibly important for keeping employee access secure. Updating these private layers of defence frequently means that even if a password is compromised, there is another level that hackers won’t be able to intercept.
The researchers at IEEE have come together to assess current security attributes of IoT devices, and have now come up with a new solution and possible framework for going forward. Up until now, IoT security involved access control and authenticated key exchange for communications. Rather than getting the individual IoT devices to control all of the perhaps more complicated security processing requirements to gain access, they are now suggesting installing a security box, or security management component at a nearby edge.
This would then handle all of the throughput and intensive security tasks that the devices themselves cannot cope with. These edge boxes or routers will then handle the cryptographic and heavy keys, and will also allow for more scalability in the security network. This will free up the IoT devices to work as normal.
As well as employing these new security measures, it is still highly important to ensure you use data encryption methods. Firewalls, secure sockets layer protocols (SSL) as well as wireless protocols will protect your IoT web applications.
Depending on the type of business you operate, your security and risk protocols will vary. If you are involved in financial services, you may need to take PSD2 and MiFID 2 in the EU into account.
Other important mandates to consider are:
• PCI DSS: The Payment Card Industry Data Security Standard aims to increase the security of credit cards and to ensure that all companies dealing with online payments have the correct security measures in place.
• GDPR: The General Data Protection Regulation is an EU law concerning data protection and privacy. If you are within the EU, or transfer information outside of the EU, you will need to be compliant with this law.
• GLBA: The Gramm-Leach-Bliley Act is a US federal law ensuring financial information holders protect and share their customers’ information appropriately.
Your company needs to ensure it first of all has the correct procedures in place for laws such as these, and also that your IoT devices encompass these laws.
When making the smart decision to invest in IoT devices for your organisation, checking that the network, data, systems and devices are not corrupt and have the correct security measures in place will save you a lot of hassle and potential infiltration down the line. If you would like to chat to us about implementing the correct IoT security procedures, why not contact us to put the right measures in place?
Brian McGlynn, Davra, COO