Return to overview

Why a Secure IoT Platform should be your number one concern.

Modern day examples of the importance of a secure IoT platform.

The ubiquity of IoT is bringing great analytics, data insights, and real-time knowledge into daily life across all industries. But if poorly designed, implemented and maintained, it also creates a cybersecurity nightmare. Just this year, we’ve seen (among other things):

• Security vulnerabilities in public and private Electric Vehicle (EV) charging. This could have enabled the theft of electricity at a public charging station. An enterprising hacker could access user accounts at home, impede charging, and use the opportunity to enter and attack a home network.

• A software hack on a Florida water treatment plant where an intruder boosted the level of sodium hydroxide in the water supply to 100 times higher than normal. (Fortunately, staff thwarted the attack).

• The Colonial Pipeline attack: the largest ransomware cyberattack on an oil infrastructure target in the history of the United States.

IoT security problems are not limited to critical infrastructure. Today a household may contain over 200 connected devices, each with its specific security requirements and varied life cycle – symbolic of a poorly interoperable and poorly regulated world of Internet of Things devices.

Fortunately, at Davra, we’ve learned many ways to implement and enhance cybersecurity in our business and our product offerings. Here are some of the fundamental principles that any company can embrace and create a more secure IoT Platform.

All people are responsible for security vigilance

Train and educate employees regularly about optimal security practices, from password management to phishing emails. For example, if you have staff working from home, good security practices include:

• Password protect the home router

• Device encryption

• The use of only supported operating systems

• Regular software updates

• Two-factor authentication,

• Use of a virtual private network (VPN)

You are as only powerful as your weakest link

All devices are a potential entry point for an attack: an unsafe USB plugged into a work computer due to lax ‘bring your own device’ (BYOD) principles can spread a virus throughout an organisation quickly and easily.

Likewise, attacking one system may not cripple your network but cause enough chaos and disarray to disable daily functionality. Imagine disabling the elevator control system or lighting in a hospital, for example. Companies need to embed security practices within all facets of their organisation, with complete buy-in rather than cybersecurity as the security department’s sole responsibility.

Security by design as a minimum standard

Embrace security by design principle in the products that we make. Security by design is about automating data security as the first principle of good product design, incorporating data security into design infrastructure — companies design software to be secure from the outset, reducing the likelihood of security vulnerabilities.

How Davra Creates a Secure IoT Platform

Security best practices can differ across industries and include additional data privacy requirements. At Davra, we follow well-recognised security processes and protocols to ensure we are up to date with emerging security challenges across the sectors we operate in.

We were awarded the NSAI IS EN ISO 9001:2015 & 27001 Certificate by the National Standards Authority of Ireland (NSAI). This sets out the essential requirements for a practical and effective quality management system (QMS) which is a system for minimising risk and maximising opportunity. The Standards help us improve customer satisfaction levels, internal efficiency and employee involvement. Our compliance with the FedRAMP program ensures cloud security of US federal information. This is vital for any business selling services to the US Government.

We also adopt the principles of the NIST security framework. Cybersecurity challenges are constantly evolving and changing in our connected economy. Embedding responsibility within and throughout our organisations allows us to ensure the best IoT security practices for now and in the future.