The Cloud Security Alliance (CSA) has produced a report, "New Security Guidance for Early Adopters of the IoT", to help early adopters of IoT understand the security challenges. It says there has been insufficient research into the vulnerabilities associated with IoT or into best practices for securely developing, deploying, trusting and maintaining IoT components.
The report contains recommended security controls and sample use cases for organisations implementing IoT capabilities that the CSA says have been tailored to IoT-specific characteristics to allow early adopters to mitigate many of the risks associated with the technology.
Luciano Santos, VP of research and member services for the CSA, said: “Traditional security mechanisms such as secure software development and security controls engineering, common vulnerability and exploit discovery and reporting, vulnerability management and field upgrade and patching do not exist or are immature in most of the industries taking advantage of IoT platforms.”
Cloud the solution for IoT security
The CSA is a member-driven organisation created to promote best practice in securing cloud computing, and it sees the cloud as being the solution to security in the IoT world. “Research is needed to allow organisations to design a trusted IoT ecosystem in their enterprise that securely utilises the cloud for control and data connectivity,” it says. It argues that, in the absence of this research, organisations will be forced to make substantial architectural decisions without sufficient data to understand the risks and identify appropriate mitigations.
CSA says it is supporting the industry by decomposing the common device types, markets and architectures of IoT, and subsequently analysing and recommending appropriate security mitigations across these commonalities.
“In future research in this area, CSA will associate each category with the appropriate cloud security standards, CCM controls, best practices and relevant governance,” it says. “Research will help identify and document critical vulnerabilities associated with introduction of IoT in various enterprise environments and provide best practices for vulnerability mitigation.”
CSA also intends to provide developers with secure development guidance to ensure IoT components are designed securely from the start.