The Cloud Security Alliance (CSA) has issued a range of new guidelines in a bid to help IoT designers and developers understand IoT security risks and measures.
These tips are aimed at encouraging designers and developers to create products that put IoT security first, protecting themselves as well as end users at the same time.
They cover a plethora of areas, including protecting data, enabling secure authentication, and secure key management. These are pretty standard security tips, but they’ve been issued at a time when security risks are growing.
IoT security a growing concern
More cyber-criminals are identifying the potential of IoT and are increasingly finding ways to get into devices to steal valuable user data.
For this reason, companies are beginning to dedicate more investment to appropriate security. According to Gartner, spending in the area will reach a staggering $348 million by the end of this year.
These guidelines are there to introduce technologists and companies to ways they can stay safe. That said, they’re not there to be “a substitute for understanding fundamental system security engineering methodologies and techniques”.
Instead, the CSA notes that they’ve been put together “to mitigate some of the more common issues that can be found with IoT device development”.
All bases covered
The report also touches on key programming languages involved in the production of IoT devices and services. These include C, C#, C++, Erlang, Objective C, Go, Java, JavaScript, Parallel, Python, Rust and a few others.
Of course, it’s not just hardware that needs protection. The CSA has made it clear that professionals and companies are responsible for putting safeguards into place for other areas too.
They should put measures into place to ensure they develop smartphone applications that are safe to use, as well as the cloud services they run on. In other words, all areas need to be covered.
Securing IoT
Overall, there are guidelines for IoT security challenges, the options available for product and service development, different types of threats, work processes and device categories.
Brian Russell, chair of the IoT working group and chief engineer of cyber security solutions with Leidos, said: “It is often heard in our industry that securing IoT products and systems is an insurmountable effort.
“We hope to empower developers and organisations with the ability to create a security strategy that will help mitigate the most pressing threats to both consumer and business IoT products.”
Related: New group set up to combat Internet of Things security threats