Guest Post: Before You Dive Into IoT, Do These Three Things
Olympic high diving requires concentration and self-control. Before divers jump off a 10-meter platform, they pause at the edge and concentrate on their goal: elegantly perform the acrobatic maneuver and gracefully pierce the water causing minimum surface disturbance. This same disciplined approach is required when adopting new and revolutionary technologies, such as those now available through the Internet of Things (IoT). Decision makers must assess the risks and benefits, consider potential difficulties, and then take the jump.
In this and the accompanying blog written by our colleague Charles White from our technology partner Fornetix, we discuss the three most important things you should do before you dive into IoT, and how you can identify common pitfalls to ensure you adopt this new technology with confidence.
Interconnected IoT devices are deployed primarily to collect data. Algorithms analyze numerous data parameters and identify trends that then enable applications to deliver innovative services. Because data is at the center of IoT, and because this data is often associated with the people who are ultimately the recipients of the services, keeping the data confidential is paramount. From the point where data is collected, to the on-premises and cloud-based datacenters where it is stored and processed, three things must be true:
- IoT devices must be trusted to be authentic
- The integrity and confidentiality of the data they collect must be preserved at all times
- The enterprise must maintain control across the entire process
The growing dependence on the services delivered by Internet-connected IoT devices means that we must trust the devices, the data they collect, and the decisions they make for us as consumers of their services. Ever wondered if your smart phone and ride-share application have accurately determined your location, and if your ride really is just around the corner? Or more importantly, are insulin doses delivered by connected medical device accurate and timely?
Trusting devices starts by ensuring they are authentic and authorized to be part of the specific service ecosystem upon which you have come to depend. To ensure this, digital credentials are injected in IoT devices to give them identities that can be authenticated once the devices become part of a service. And it does not stop with deployment! Software and firmware running in IoT devices is regularly updated, and this presents a perfect vector for malware to infect devices and compromise entire systems. Therefore, code signing is also critically important to ensure continued confidence in devices.
Keeping data collected by IoT devices confidential and unaltered across the complex networks it may traverse requires encryption and hashing techniques to mask data from unauthorized entities and to ensure it cannot be changed. While keeping IoT-collected data confidential is important, so too is maintaining its integrity to ensure applications make the right predictions and decisions and ultimately deliver the specific services consumers expect.
The scale and distributed nature of the IoT makes maintaining control of devices and data daunting. Nevertheless, it is imperative that enterprises adopting IoT technologies maintain control over their devices, the data they collect, the services they deliver, and the cryptography that protects the data. This ensures the technology does not compromise the privacy, security, and safety of end users.
Underpinning the techniques we have described above (credentialing to authenticate devices, code signing to validate integrity of software and firmware, encryption to protect data confidentiality, and hashing to preserve data integrity), are cryptographic keys that must always be protected to ensure the security of these processes. The exponentially growing number of IoT devices and data makes safeguarding and managing keys at scale challenging. Fortunately, tried and true technologies exist to provide trust, integrity, and control. Hardware security modules (HSMs) like the nCipher nShield play a critical role in safeguarding and managing keys used to sign device and code credentials, and to encrypt and hash data.
Safe Diving with a Root of Trust
As we entrust the IoT to help run our lives and enhance our well-being, we need a strong root of trust we can depend on to protect the data critical to all IoT ecosystems. Fornetix and nCipher can help you dive into IoT without making a splash. Fornetix VaultCore with an nCipher nShield HSM root of trust extends control of your IoT key management services from your data center to the cloud and on to the edge of your network.
To learn how to recognize possible challenges that can hold back IoT deployments, read Charles’s blog “How to Identify IoT Pitfalls and Adopt Technology with Confidence.” For more detailed information on innovative technology designed to unleash the full power of encryption with automatic key management and a robust root of trust that also facilitates regulatory compliance and ensures scalable IoT deployments, register here for our joint webinar on 18 April: “Breaking the IoT Adoption Barrier—End-to-End Trust, Integrity, and Control.” If you want to reach me for further discussion, don’t hesitate to contact me on Twitter @asenjoJuan or follow nCipher on Twitter, LinkedIn, and Facebook.
Note: This entry has been edited to reflect the ‘Key Orchestration’ solution name becoming ‘VaultCore’