another continent, and the teams don't always have all the information to guarantee
the best security."
Fumagalli suggests the need for several strategies to secure IoT devices:
Use a certificate to authenticate devices, and use safe connections for device
communications.
Work with cloud engineers to use a good data-encryption strategy.
In addition to strong data encryption, limit data communications to the minimum
needed for proper operations so that unwanted access will be more difficult.
Design the device to simulate a different kind of hardware so that from the outside,
the device will be unrecognizable.
Consider component selection and purpose-built design because devices limited
in their capabilities to a narrow purpose are more difficult to attack.
Additional security measures include providing user information that shows how to
create more secure device connections.
"By providing users with rules for an external firewall configuration, you give them
a way to make a more secure installation," says Fumagalli. "Unfortunately, for
consumer products, few users have the required knowledge for such settings."
He also recommends having a way to update the software on the device remotely.
"Always keep the systems current with the latest update. Using the currently
available version of the software is important, which means staying in touch with
chip and operating system builders," he says.
" Some legal
regulations can
limit the security,
such as the limit
on encrypting
data. . . . In these
cases, it is always
better not to settle
for a lower level of
security."
13
