The Internet of Things is transforming how business is done and how close companies can get to their consumers. Smart products need to be developed at speed and at scale. Security is often the piece of the puzzle that suffers.

IoT Security Checklist

Regardless of development speed, four main aspects of security need to be considered when developing a smart product:

1. Use secure hardware

  • RNG or the whole crypto stack on chip. A random number generator (RNG) is a foundation of modern security algorithms. A robust implementation needs a good source of random numbers, which can be a problem for embedded systems. A hardware RNG or, better, a hardware implementation of the complete crypto algorithms is a common solution.
  • Anti-tamper features. These protect the hardware from being reverse-engineered, prevent unauthorised access to sensitive data, etc.

2. Implement secure communication (encryption and authentication)

  • TLS/DTLS standards

3. Have a recovery plan (should things go wrong)

Even with the most secure solution, there are risks. Hackers never sleep and will always find new ways to infiltrate smart products. Having a plan means that you can act faster in the event of a hack. Focus on two aspects:

  • Technical Save
    Regardless of whether you are using a solution provider or in-house development, be sure to have a plan in place to support you in case of a hack. Establish how fast an upgrade that prevents further hacks can be pushed, as well as a process to identify how a security breach could occur in the first place.

  • PR Save
    Have your communications team briefed on all your smart products and their technical background. Should a security breach occur, it is vital that they have the basic information, plus what exactly happened and how it will be fixed, asap. Getting in front of these issues and showing your consumers that you are responsive is vital.

4. Build OTA functionality into your devices

OTA (over-the-air updates and remote management) is going to be the functionality that will help prevent security hacks. In the unlikely event that they occur, this is also the functionality that will let you fix them.

Any smart product needs to be updated regularly. As we said, hackers never sleep and neither should your security solution. It should consistently be maintained and included in upgrades that are pushed to connected products. This will help keep your consumers safe.

Should a product get hacked, you’ll be able to send the fix to close the breach via OTA to all products fast.

Don’t go it alone

Just because IoT development is transformative, it doesn’t have to be complex, provided experts are involved. We advise any organisation that wants to get to market fast and securely to work with an established IoT platform. Embedded development is complex for anyone new to the field: mistakes are made frequently and security risks are more easily taken. Unless an experienced team is available in-house, go with a partner that can provide an evolving, stable and secure solution.

To contact: send us a message or ask on the developer forum.