The growth of IoT is occurring at an incredible rate, justly raising alarms about IoT security and IoT privacy issues as we become increasingly reliant on these intelligent, interconnected devices in our lives and businesses. How are we to protect billions of devices from attacks and intrusions that could compromise our personal privacy, public safety, or business viability? Building an IoT solution involves securing sensors, devices, networks, cloud platforms, web applications, and mobile applications for diverse industries. This presentation examines the landscape of emerging security challenges posed by connected devices and offers a catalog of security deployment patterns that have been successfully used by some of the worlds most well known OEMs to deploy connected product fleets.

1. IoT Security Patterns
Mark Benson, CTO
@markbenson

2. The IoT opportunity
Recent Economist survey:
Expect their company to be
using IoT within 3 years
“IoT is our single biggest
threat AND biggest
opportunity over the next 10
years” – Brand-name fortune
500 board of directors
*Source: ABI Research, Cisco, Craig Hallum Estimates
0
2
4
6
8
10
12
14
16
18
20
$0
$50
$100
$150
$200
$250
DevicesBillions
MarketSizeBillions
Big Data Analytics (53%
CAGR)
Connected Device Platforms
(33% CAGR)
Platforms (33% CAGR)
Application Enablement
Platforms (32% CAGR)
Value Added Services (26%
CAGR)
System Integration Services
(24% CAGR)
Hardware (23% CAGR)
Connectivity (12% CAGR)
Internet-connected devices
(Cisco Estimate)
95%

3. The Internet of Things?
More like the Internet of Attack
Vectors
• Attack surfaces are expanding rapidly
• Physical access to systems is becoming easier
• Consumer privacy concerns are rising
• Consequences of a breach are becoming more severe (critical
infrastructure, brand deterioration, data privacy issues, etc.)
• Product companies are being forced outside of their comfort
zones
• Three dimensions that make IoT security challenging…

4. 1. Resource constraints

5. 2. Deployment topologies

6. 3. Usage modes
Things to note about IoT usage modes that affect security:
1. Some modes are normal and standard solutions exist
2. Some modes are new and standards are still emerging
3. Some modes are becoming more vulnerable due to resource constraints

7. The IoT security problem area
A. High resource constraints
B. Complex deployment topologies
C. Novel usage modes
Mo’ IoT, mo’ problems

8. The 4th dimension: time
Now we have a Tesseract
The difficulty with IoT security is that
the landscape is constantly changing,
even after products are deployed
Security should be designed for from
the beginning and embraced as a
journey throughout
It starts with a process…

9. The web you should be weaving
Secure processes => secure products => secure brand integrity

10. Conclusion
Takeaways:
1. Security processes. Have a security architecture from the beginning and
evolve throughout (layers, topologies, modes)
2. Technology selection. Start it from the beginning and evolve thoughout
3. Operations planning. How do you respond if/when a security incident occurs
in the field. Use checklists
– http://owasp.org/
– http://builditsecure.ly/
Embrace the journey

11. Thank you
Mark Benson
@markbenson