The Cloud Security Alliance (CSA) last week released a guidance report titled, Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products, created to help designers and developers of Internet of Things (IoT) related products and services understand the basic security measures that must be incorporated throughout the development process.
The report lays out 13 considerations and guidance for designing and developing reasonably secure IoT devices, to mitigate some of the more common issues that can be found with IoT device development. Additionally, realizing that often times there is a need to quickly identify the critical security items in a product development lifecycle, researchers also outline the top five security considerations that when applied will begin to increase an IoT product’s security posture substantially.
The report lays out guidance in the following areas:
- A discussion on IoT device security challenges.
- Results from an IoT security survey conducted by the CSA IoT Working Group.
- A discussion on security options available for IoT development platforms.
- A categorization of IoT device types and a review of a few threats.
- Recommendations for secure device design and development processes.
- A detailed checklist for security engineers to follow during the development process.
- A set of appendices that provide examples of IoT products mapped to their relevant threats.
The CSA IoT Working Group focuses on understanding the relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their implementations. The group is led by Russell, with initiative leads Priya Kuber, Dr. Shyam Sundaram, Aaron Guzman, Arlene Mordeno and Sabri Khemissa.