Thank you for Subscribing to CIO Applications Weekly Brief

How to Implement Security-by-design into IoT Products

The majority of the organizations seek guidance from industry and professional groups to create security-by-design in their business. They need to understand their counterparts' best practices and standards and inform their strategies to regulatory bodies.
Fremont, CA: The Internet of Things (IoT) and Industrial Internet of Things (IIoT) have opened up many opportunities for organizations. However, it has also given rise to many cybersecurity risks.
Some security risks for organizations include:
• Not implementing security into the design of products and ecosystems
• Inadequate security awareness and training for engineers and architects
• None visibility of products or not having a full product inventory
• Recognizing and treating risks of fielded and legacy products
• Absence of ownership/governance to drive security and privacy
• Inexperienced/immature incident response processes
• Insufficient IoT/IIoT and product security and privacy resources
• Lack of monitoring of devices and systems to detect security events
• Absence of security and privacy program
• No post-market/ implementation security and privacy risk management
The majority of the organizations seek guidance from industry and professional groups to create security-by-design in their business. They need to understand their counterparts' best practices and standards and inform their strategies to regulatory bodies.
Here are five tips for organizations that want to implement security-by-design into IoT products:
Set-up Security-by-Design Practices:
Implement security-by-design into the design of the product or the ecosystem architecture design via risk assessments, security testing, threat modeling, and requirements.
Have a Dedicated Team and Provide them with Enough Resources:
Create a dedicated team that has the product-based experience and offer training as required to increase knowledge.
Utilize Industry-Available Resources:
Utilize public availability industry resources instead of creating and providing specific questionnaires to the device vendors.
Set the Tone from the Top:
From leadership to relevant product security subject matter experts to product teams, make sure that the right people are engaged and have ownership of the process.
Analyze Current State of Product Security and Create a Cyber Strategy:
When designing connected products or obtaining such products to integrate internally, analyze how the products and the data they produce are protected, and create a cyber strategy to optimize improvement.
See also: Top Cyber Security Solution Companies
I agree We use cookies on this website to enhance your user experience. By clicking any link on this page you are giving your consent for us to set cookies. More info
Featured Vendors
-
Jason Vogel, Senior Director of Product Strategy & Development, Silver Wealth Technologies
James Brown, CEO, Smart Communications
Deepak Dube, Founder and CEO, Datanomers
Tory Hazard, CEO, Institutional Cash Distributors
Jean Jacques Borno, CFP®, Founder & CEO, 1787fp
-
Andrew Rudd, CEO, Advisor Software
Douglas Jones, Vice President Operations, NETSOL Technologies
Matt McCormick, CEO, AddOn Networks
Jeff Peters, President, and Co-Founder, Focalized Networks
Tom Jordan, VP, Financial Software Solutions, Digital Check Corp
Tracey Dunlap, Chief Experience Officer, Zenmonics