Steps to developing secure IoT products

IoT is broad-ranging, and the pace of change and innovation is fast. This makes it difficult to identify controls that can be applied across diverse IoT products. Recently, much has been said regarding the need to secure the Internet of Things against a large number of attacks and a diverse pool of attackers.

CSA guidance to developing secure IoT products

The Cloud Security Alliance (CSA) released a new guidance report created to help designers and developers of IoT-related products and services understand the basic security measures that must be incorporated throughout the development process.

“It is often heard in our industry that securing IoT products and systems is an insurmountable effort,” said Brian Russell, Chair IoT Working Group. “However, with the help of our extremely knowledgeable and dedicated volunteers, we are providing a strong starting point for organizations that have begun transforming their existing products into IoT-enabled devices, as well as newly emerging IoT startups. We hope to empower developers and organizations with the ability to create a security strategy that will help mitigate the most pressing threats to both consumer and business IoT products.”

Specifically, the report lays out 13 considerations and guidance for designing and developing reasonably secure IoT devices, to mitigate some of the more common issues that can be found with IoT device development.

Additionally, realizing that there is often a need to quickly identify the critical security items in a product development lifecycle, researchers also outline the top five security considerations that, when applied, will begin to increase an IoT product’s security posture substantially.

Focus areas

The report lays out guidance in the following areas:

  • A discussion on IoT device security challenges.
  • Results from an IoT security survey conducted by the CSA IoT Working Group.
  • A discussion on security options available for IoT development platforms.
  • A categorization of IoT device types and a review of a few threats.
  • Recommendations for secure device design and development processes.
  • A detailed checklist for security engineers to follow during the development process.
  • A set of appendices that provide examples of IoT products mapped to their relevant threats.

The in-depth CSA report is available in PDF format here.
