It’s a vast opportunity but it also brings vast risk. How do you keep billions of devices secure? How about the networks they run on? How do you make sure the data from all those devices isn’t compromised?
IoT security cannot be an afterthought or an add-on. Security must be built in from the beginning.
When it comes to IoT, security requirements are unique. Connecting devices is different from connecting individual people and personal computers. To verify its identity, an IoT device can’t simply enter a password as a person would. Similarly, the systems that run our PCs are regularly updated, but IoT has to work all time.
A reliable infrastructure is a must, and this is especially true for mission-critical applications. 3GPP technologies provide this reliability. The IoT expands rapidly, and security must be end-to-end.
Factors impacting IoT security
Data based decisions need reliable data. Vital decisions related to business, safety and health are increasingly based on data. To make the right decisions, data must be accurate and secure.Different devices require different solutions. Devices come in different in shapes and forms. Some devices are capability constrained with very limited capabilities and for such devices traditional security methods are not possible to use.End-to-end ecosystems security. In IoT, success depends on collaborative ecosystems of device manufacturers network providers, platform providers, app developers and end-users. Ensuring end-to-end security of the ecosystem is crucial.
Building trust in IoT
As the number of connected devices grow, identifying each device becomes increasingly important, and complex. Device identification is done on the connectivity or application level. SIM, and the evolution to embedded SIM’s (eSIMs), provide good protection of the device connectivity identity. For device identification on application level, certificates are commonly used. Identity and Access Management (IAM) systems verify the identity of a device and what data it has access to
In an IoT where many decisions are data-driven, it is crucial to ensure that each device is behaving as it should, and its data has not been manipulated. Breaches need to be detected as quickly as possible to limit possible damage. Data needs to be protected in transit, and 3GPP networks support security controls to preserve data integrity, confidentiality and availability to guarantee the security and privacy of the information.
Network availability and reliability are important security objectives for IoT systems. With ICT infrastructure under constant attack, traffic separation and protection technologies reduce the risk of costly downtime and denial-of-service (DoS). Traffic separation methods, including the 5G network slicing concept, will provide isolation of network, application and security functions, allowing service providers to offer different security levels for different network slices. Transport Layer Security (TLS) and Internet Protocol Security (IPSec) encrypt data to ensure traffic protection.
Privacy and confidentiality
Respecting the right to personal data protection is increasingly difficult, as personal information can be drawn from analyzing IoT device data. The pressure to protect and anonymize data increases with the enactment of Europe’s GDPR. Non-compliance could have serious consequences for the bottom line of any company operating in the EU.
Security management for IoT
IoT security management must be approached in new ways, moving from reactive and manual to proactive and automated. The sheer volume of devices that will get connected calls for security automation, and enhanced security analytics capabilities.