Security by Design: Architecture Considerations for Protection
by Exosite, on July 25, 2017
Proactive preparation works well, but several IoT security methods can also be built into the design of a system to prevent and deter hacking events.
A surefire method to prevent an intruder from controlling critical assets is to structure an architecture that does not allow for control functionality. Simple, right? A one-way street allows an organization to benefit from the data collected without any risk of losing control. A flexible IoT platform should allow device configurations that support both control and data-production-only capabilities. This type of flexibility allows you to tune the level of security to your IoT solution, minimizing risk and maximizing the benefit.
User and permission management forms another critical pillar in securing IoT applications. It should be assumed that one or more user accounts will be hacked. Distributing and isolating permissions as much as possible lowers the risk of an attacker gaining access to critical assets. Some organizations have gone as far as to have no single user with root-level control over accounts. Of course, this makes it more difficult to give permissions, change them, and manage them, so the drawbacks have to be weighed against the level of risk associated with an attacker gaining access.
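The data-only device configuration and the isolated, per-device permissions described above can be enforced together at the point where commands enter the system. The following is an added example, not code from Exosite or the Murano platform; the `Gateway` class, device names and user names are hypothetical.

```python
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    DATA_ONLY = "data_only"   # device only produces data; no command path
    CONTROL = "control"       # device may also receive commands


@dataclass
class Gateway:
    """Hypothetical cloud-side command gateway (illustrative names only)."""
    devices: dict = field(default_factory=dict)  # device_id -> Mode
    grants: set = field(default_factory=set)     # (user, device_id); no root/wildcard
    audit: list = field(default_factory=list)    # denied attempts, kept for detection

    def provision(self, device_id, mode):
        self.devices[device_id] = mode

    def grant_control(self, user, device_id):
        # A grant on a data-only or unknown device is refused outright.
        if self.devices.get(device_id) is not Mode.CONTROL:
            raise ValueError(f"{device_id} does not accept control")
        self.grants.add((user, device_id))

    def send_command(self, user, device_id, command):
        """Return True only when the downlink is allowed; default is deny."""
        mode = self.devices.get(device_id)
        if mode is None:
            reason = "unknown device"
        elif mode is not Mode.CONTROL:
            reason = "device is data-only"
        elif (user, device_id) not in self.grants:
            reason = "user has no grant for this device"
        else:
            return True
        self.audit.append((user, device_id, command, reason))
        return False


def demo():
    gw = Gateway()
    gw.provision("flow-meter-1", Mode.DATA_ONLY)  # constructed sample devices
    gw.provision("valve-7", Mode.CONTROL)
    gw.grant_control("alice", "valve-7")
    return gw, [
        gw.send_command("alice", "valve-7", "close"),       # allowed
        gw.send_command("alice", "flow-meter-1", "reset"),  # denied: one-way device
        gw.send_command("bob", "valve-7", "open"),          # denied: no grant
    ]
```

Because grants are stored per user and per device, a compromised account reaches only the devices it was explicitly granted, and the audit list gives defenders a record of every refused command.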
Virtualization of an application can also be used to make it significantly more difficult to cripple a network. Hosting applications in virtual environments distributes the risk of a platform across many instances of a single program. This means that even if hackers can cripple or gain access to a single virtual machine (VM), the functionality of the system at large is not compromised. Similarly, VMs can be destroyed without significant ramifications. The destruction of a VM that does not persist data can essentially reset the system to a known configuration. Virtualization and distribution of functionality complicate the options available to attackers and assist in deterrence.