Designing for Security: A Holistic Approach to Product Development

How best to secure the Internet of Things? It’s a question on the lips of product designers and manufacturers, project and procurement managers in countless different industries and across organisations ranging from start-ups and SMEs through to multinational corporations.

Our answer? The word that should underpin every aspect of designing IoT security is holistic.

This applies both to designing product IoT security, throughout the development and manufacture processes, and designing operational IoT security, in organisations deploying live IoT devices.

This white paper looks at the first area – how to design IoT products with a holistic approach to security. We explain why a holistic approach is important, what it looks like in practice, and how to implement it.

Eyes wide open

First, let’s consider why security is such a key concern when it comes to the IoT. There are several critical factors at play, and it is vital for product designers and developers to keep their eyes open when evaluating them. Confronting these complex challenges head-on, rather than pretending they don’t exist, is crucial.

  • Securing IoT devices is difficult. Let’s not pretend otherwise. Many of the devices that make up IoT ecosystems are in themselves very small and simple – sensors that measure one or two pertinent factors and relay that data back to a centralized analytics engine. Embedding robust security into such devices is a far greater challenge than protecting a computer or smartphone – and, what’s more, the designers and manufacturers of IoT devices often started off working with non-connected products, meaning they don’t have the cyber-security expertise or experience available that other technology companies do.
  • The threat landscape is sophisticated. As the IoT landscape proliferates, so too do the tools and techniques developed by cybercriminals to specifically target IoT devices and systems. As in any facet of cybersecurity, an arms race is in operation. IoT products are under attack from a wide range of vectors, from physical interference with individual devices to wide-scale malware attacks launched remotely. The motives behind such attacks range from simple (though hugely damaging) digital vandalism through to the theft of highly sensitive information or financial gain, and the attacks can wreak massive reputational and operational damage.
  • Compliance is a part of the picture. IoT devices deployed by organisations come under the same regulatory and legal compliance frameworks as any other parts of the IT infrastructure – and these frameworks are changing all the time. Depending on the sector your organisation operates in, you may be subject to industry-specific requirements such as HIPAA (Health Insurance Portability and Accountability Act). Meanwhile, international frameworks such as the GDPR affect organisations in multiple sectors.

It is because these factors are multifaceted – and because a similarly multifaceted set of resources is required to respond to them – that a holistic approach to IoT security is so important. Remaining alert to these factors from the outset can enable organisations designing, developing and deploying IoT products to assign the appropriate resource to IoT security, in terms of time, money and expertise.

What does a holistic approach look like?

First, a holistic approach needs to consider the multiple different threats to IoT product security, so that it can respond to them collectively. There are three broad areas to consider:

  • Digital interference. The majority of cyber-attacks are, of course, launched remotely, using malware, social engineering and other techniques to infiltrate devices from afar. Protections such as firewalls, intrusion detection and prevention systems, and data encryption are all crucial elements in the arsenal of protection against such attacks. You also need to think about how software on IoT products is updated and patched in response to identified vulnerabilities.
  • Physical interference. What happens if a malicious party physically gets hold of an IoT device? How easily can they tamper with it or manipulate it? Can they easily bypass security mechanisms once it is in their hands, and, if so, what kind of data can they access? Could laboratory equipment be used to bypass physical security protections?
  • IoT ecosystems in situ. Once the product is deployed within an organisation or a consumer context, it will be connecting to, and interacting with, a centralized analytics engine or database, and possibly other IoT products. How are those connections secured and managed? What is your approach to key management – that is, how will keys be provisioned for the product and loaded onto it?
  • Resilience. If the worst happens and an IoT product is compromised by a malicious party, or displays a vulnerability, how can an individual or organisation deploying that product fix the problem? Will the security threat be automatically identified and the individual or organisation deploying it alerted? Can the product be isolated, or will it make other products within the local IoT ecosystem vulnerable too?

Next, a holistic approach needs to consider the IoT product development lifecycle.

Typically, like any product development cycle, this begins with a problem-solving phase. The designers and developers might be focusing on a limitation with an existing product, or attempting to resolve a problem for which there is currently no product solution. In the IoT space specifically, the problem in question is likely to relate to capturing a new data set and then, crucially, translating that data into real operational decisions, whether immediate, long-term, or both.

Next, a series of potential solutions needs to be tested, before a proof of concept is created for one or more of the proposed products. This phase is all about scaling the proposed product in realistic market conditions, examining how the product will work in a commercial or consumer connected environment, how it will actually be manufactured at scale, and how it will cope in the dynamic, flexible IoT landscape. From there, the most suitable product will typically be selected, and real-life manufacture will begin.

Traditionally, security might only be tacked on at this stage. However, a holistic approach means baking in security at the outset. Any new product that is going to collect, transmit or store digital data not only needs appropriate cyber-security mechanisms and processes ‘baked in’ from the beginning; that security also needs to be continually revisited and adjusted once those products are out in the market, so as to respond to the ever-evolving cyber threat landscape.

In this sense, then, a holistic approach to IoT product development is about moving away from linear development models, and instead thinking in terms of feedback loops.

Live intelligence

Once unconnected devices are purchased and put to work, they lose any link with their developers and manufacturers. Information on how they are being used and how they are performing has to be sought second-hand, perhaps through customer feedback.

By contrast, each time a new IoT product is brought to market, it begins generating and collecting valuable data to be used for the next cycle of development.

As such, the savviest product developers in the IoT space should look for ways to incorporate a feedback loop into their processes, learning from how the first iteration of a product is being used and how it is performing under different conditions – and then using that information to drive the next development cycle, shoring up security and plugging vulnerability gaps as they are identified.

Similarly, the connected nature of IoT products means that, like software products and operating systems, they can be patched in response to new intelligence and newly evolving threats. It is vital for product designers and developers to consider this stage in their product life cycles, and to remember that their security responsibilities extend long after a product has been purchased and deployed.

IoT product security is not static. It is live, dynamic and ongoing. Why not read the second white paper in our pair, for more advice on how to incorporate a holistic approach to IoT operations?
