Insights into The Current State of IoT Security and Practical Advice for Safeguarding IoT Endpoints
In the fast-evolving IoT landscape, securing connected devices and their IT systems is crucial. During our recent webinar, "IoT Security Strategies: Implementing Secure Connected Solutions," expert IoT specialists — Chris Barker, Senior Director Product Security at Semtech (formerly Sierra Wireless), and Paul Bradley, Vice President Solutions Sales at Kigen — shared insights into the current state of IoT security and practical advice for safeguarding IoT endpoints. Below are highlights of the Q&A session, which include helpful references and guidance for IT and technical leaders.
What’s the difference between eSIM, IoT SAFE and a TPM?
An eSIM is a platform that hosts different mobile operator profiles, allowing multiple profiles to exist within the same physical SIM, or more accurately, an eUICC. IoT SAFE is an application that operates within the eUICC, which reduces bill of materials (BoM) costs by combining the functions of both a physical eUICC and a Secure Element or TPM into one component.
On the other hand, TPMs originated from the PC world, often associated with applications like BitLocker, which encrypt the contents of your hard disk. In the mobile space, where power efficiency is crucial, secure elements and SIMs have increasingly served as trusted roots for transacting or in-device security such as biometric authentication. While eSIMs with IoT SAFE and TPMs have similar roles, they have evolved differently to suit their respective environments.
What should companies consider when deploying IoT devices in multiple jurisdictions, particularly regarding compliance with regulations?
Companies need to examine the specific regulations for each jurisdiction where they are deploying IoT devices. It’s essential to ensure compliance with local laws, as regulations can vary significantly. Even IoT manufacturers face challenges in navigating the myriad of regulations, often receiving inquiries from customers about specific certifications. While there are common guidelines, such as avoiding hard-coded passwords and ensuring regular updates, the complexity of compliance depends on the deployment location. To aid in this process, initiatives like PSA Certified have been established, which map local regulations to certification requirements, providing traceability and assisting companies in achieving compliance with IoT security standards.
What are some recommendations for achieving end-to-end security?
To ensure end-to-end security, it's important to consider the use case, especially if the data is sensitive or will be used in a sensitive manner. A key recommendation is to secure the credentials that guarantee data provenance and transport from the device to the cloud within tamper-resistant hardware. This could be a SIM using IoT SAFE or a root of trust. Protecting those credentials is essential.
How do you approach end-to-end security from the device to the cloud?
We focus on the entire process, looking at every component from the device to the cloud. We build our security and defenses based on this comprehensive view, implementing security controls and testing them thoroughly, including third-party assessments, to ensure a smooth end-to-end security process.
How important is training for customers on IoT security, and what responsibility do manufacturers have in this regard?
Training for customers on IoT security is crucial, and as IoT manufacturers, we hold a responsibility to educate our users. Hosting webinars and providing security hardening guides are some ways we facilitate this training. However, as an industry, we can definitely improve our efforts in security awareness for IoT. Our team frequently discusses how to better engage with customers, ensuring that security is a key topic during conversations, especially during sales discussions. We're continuously exploring ways to effectively communicate the importance of security and how customers can protect their devices.
Is there any security reference architecture for IoT infrastructures?
Yes, one well-known option is the Arm Platform Security Architecture (PSA), which you can certify against. It provides practical guidelines that align with various governmental regulations from different institutions. If you explore sites like the IoT Security Foundation, you'll find a comprehensive list of 30 to 50 links to different resources, some of which contain examples of security architectures as well as connections to specific regulations.
What about governmental security standards like GDPR, FIPS, etc.?
It's crucial to be aware of these standards when deploying IoT solutions. It's important to work closely with your legal team to understand the regulations applicable to your jurisdiction, especially if sensitive data is involved. Ensuring compliance and maintaining transparency across the board is essential for every use case you implement. Additionally, there's an increasing expectation for vendors to provide compliance as a service, as enterprises will look to them for guidance on meeting security and regulatory requirements.
This document is provided by Sekorm Platform for VIP exclusive service. The copyright is owned by Sekorm. Without authorization, any medias, websites or individual are not allowed to reprint. When authorizing the reprint, the link of www.sekorm.com must be indicated.