Issue link: https://resources.mouser.com/i/1516458
The challenge for IoT solution designers is that, unlike end-user computers, where security has been built into systems for years and there are many standard practices for that process, until recently, IoT security has been an afterthought. Bisoi points out, "When you do something as an afterthought, it becomes extremely difficult to bake it back into the design. Right now, if you think of all the modern IoT devices that are hitting the market, whether in the enterprise or in the business-to-business or business-to-consumer space, security is now being designed into the product."

Today, there are two primary areas of security for networks of IoT devices. One uses software solutions to monitor IoT device behavior and alert users to unusual device activity. The other embeds security in the devices themselves.

The cornerstone of embedded IoT security is a secure boot process, in which the devices self-check to make sure that they are starting in a known good state. That process includes verifying that the device is legitimate when it attempts to connect to the network. Today's secure IoT networks must operate on the principle of lack of trust, which means that a device has to validate itself before it can join the network. "If you are designing a device that is meant to connect to the internet and to other devices, perhaps across continents by means of a network, then you have to design your network on the basis of complete lack of trust," Bisoi says. "You actually must establish all the security measures on both sides—on the device side as well as on the backbone network layer."
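The two mechanisms described above, a boot-time self-check and a device validating itself before it may join the network, sketched as an added example that is not part of the original article. The digest comparison and HMAC challenge-response are simplified stand-ins for hardware-rooted signature verification; the class names, device ID, key and firmware image are all constructed assumptions.

```python
import hashlib, hmac, os

# Constructed sample data (assumptions for illustration only). A real secure boot
# verifies a signature with a key anchored in hardware, not a digest held in software.
GOOD_FIRMWARE = b"sensor-firmware v1 (constructed sample image)"
KNOWN_GOOD_DIGEST = hashlib.sha256(GOOD_FIRMWARE).hexdigest()  # provisioned at manufacture
DEVICE_KEYS = {"sensor-01": b"constructed-per-device-secret"}  # network-side registry


class Device:
    def __init__(self, device_id, key, firmware):
        self.device_id, self._key, self.firmware = device_id, key, firmware

    def boot_ok(self):
        """Device side: the image must match the known good digest."""
        digest = hashlib.sha256(self.firmware).hexdigest()
        return hmac.compare_digest(digest, KNOWN_GOOD_DIGEST)

    def answer(self, nonce):
        """Prove identity by computing a keyed MAC over the network's fresh nonce."""
        if not self.boot_ok():
            return None  # a device that fails its self-check never tries to join
        msg = nonce + self.device_id.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()


class Network:
    """Network side: no device is trusted until it answers a fresh challenge."""

    def __init__(self, registry):
        self.registry = registry

    def admit(self, device):
        key = self.registry.get(device.device_id)
        if key is None:
            return False  # unknown device ID
        nonce = os.urandom(16)  # fresh per attempt, so a replayed answer fails
        response = device.answer(nonce)
        if response is None:
            return False
        msg = nonce + device.device_id.encode()
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)
```
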
