- May 16, 2017
- Posted by: Mahesh Kulkarni
- Category: Blogs
The Internet of Things has evolved into an all-pervasive solution for connecting ubiquitous devices – the number of devices is expected to escalate to 30.7 billion by 2020. From cars, TVs, thermostats, printers, and smartphones to automation in Smart Grids, office automation and automation on an enterprise level; Internet of Things devices and sensors have opened new avenues for a plethora of applications and services by means of apposite information communication technologies.
As you can see, a huge amount of data is transmitted through these IoT devices. The other side of the coin is that they are vulnerable to security breaches. Securing IoT – cloud security in particular – is a major concern amongst organizations that are banking on it. 38% of C-level executives have stated that they can track and manage less than half of the devices connected to their businesses.
An end-to-end IoT solution is a cumulated IoT Ecosystem consisting of hardware, software, cloud and web. Although mobiles and PCs have umpteen security software solutions for protection from well-known security threats, securing IoT devices apart from these is still a challenging task which is hindering the widespread adoption of IoT.
IoT ecosystem’s topology follows a hierarchy – from sensors and other physical devices, IoT gateways where data aggregation is done to the Cloud where data is analyzed.
- Device Layer which includes the physical devices and the communication protocols.
- Data Ingestion and Transformation Layer wherein data from the device layer is converted to standard format via TCP/IP or MQTT, CoAP, and HTTP over REST API.
- Data Processing Layer wherein real time streaming and data analytics are processed. AFourTech has successfully implemented Kafka and Apache Spark integration for this <case study link>
- Application Layer which includes the IoT apps developed for monitoring resources, tracking, remote automation et al.
The goals of IoT security testing should be to secure:
- Edge – actual physical device e.g. Sensors
- Controller – used to aggregate data sent by edges and bridge edge devices with cloud network
- Cloud – web services hosted in public or private cloud used to store and process data to provide meaningful intelligence to users
- Web and Mobile Interface – allows users to interact with the IoT ecosystem
- Communications – securing data exchange between IoT components
Consequently, IoT security solutions are quintessential for the safety and high availability of an IoT setup. They should have a comprehensive security defect review process and a security testing lifecycle that adheres to IoT security standards. Although there are a few commonalities between security testing for any software and IoT, some security tests are specific to IoT, to meet the security requirements of every layer in the IoT topology described above. These include –
- Controller / Gateway Security Tests
- Security tests for Edge devices
- Data Encryption
- Cloud Infrastructure Security
- Web Application Security (For example, cross-site scripting)
- Mobile Application Security
AFourTech’s security testing services assure that your IoT setup adheres to every IoT security standard and streamline your IoT deployment by maintaining security. Your IoT products are easily scalable as well as secure with our services.