Cloud Security Alliance Issues Security Guidelines for IoT

By S. Rina, | October 10, 2016

Internet of Things (IoT) is fast becoming an important technology segment.

Internet of Things (IoT) is fast becoming an important technology segment.

Internet of Things (IoT) is fast becoming an important technology segment. To ensure the safety and privacy of the users, Cloud Security Alliance has released a set of guidelines to be followed by IoT device makers and designers. The guidelines manual consists of 13 important considerations to be followed for "reasonably" securing the devices.

Like Us on Facebook

The guidelines deal with diverse topics such as devices, threats, and available security options. The report titled "Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products" concedes that securing IoT products is difficult as the technology is constantly changing. However, it stated that the guidelines provide a starting point to work from for developers and designers.

It is estimated that there will be more than 50 billion connected devices in the world by 2020. The report said that any security breach for a particular IoT product would be catastrophic to the product vendor. It illustrated the example of VTech breach, which occurred late last year. In this case, instead of breaching the devices, the hackers targeted the online service connecting the devices. They were able to steal non-personally-identifiable data related to 200,000 child users of various VTech products.

The report further touched on Distributed Denial of Service (or DDoS). It said that IoT provides the perfect opportunity for the hackers to perform DDoS due to the sheer number of units attached to the network. The report also makes various suggestions such as using authentication, encryption, and integrity protection for security product interfaces. Apart from securing the devices, it also advocates for securing the gateways and apps used for connecting the devices.  

©2017 Telegiz All rights reserved. Do not reproduce without permission
Real Time Analytics