IoT security – you are in control!

IoT Security – you are in control!

Russell Doty, Technology Product Manager, Red Hat

The Industrial Internet of Things (IoT) is revolutionising how sensors and controllers are made and connected. The devices are becoming more capable and more intelligent. Using a network interface instead of direct hardwired connections for connecting the devices greatly simplifies installation and expansion of systems.

IoT security – you are in control!These new capabilities and features also come with new security concerns. Consider one vital fact: anything that can connect to a network is a computer. Computers are flexible, general purpose devices that can be modified – for good or for evil. And any connection to the network is an entry point into the network. If you network strategy is built around perimeter security, each IoT device is effectively punching a hole in your security.

First the good news: the Internet of Things can be secured. The technology exists to build a robust, secure, effective and powerful IoT. Digital signatures for software and systems, encrypted communications and storage, robust authentication, secure software development practices – the tools are available for everyone to use.

Next, the bad news: many IoT implementations are insecure. With the pressure to achieve a short time to market, a rich set of features, and greatest ease of use, security may take a back seat.

There are several things you can do to build a secure IoT:

• Make security part of your requirements – and part of your purchase decision. Do not purchase systems or components unless they include robust security. If buyers make security a requirement – a real requirement that gates buying, not a goal that can be over-ridden – IoT suppliers will deliver secure products.

• For Industrial IoT consider the long installed life of these systems. Many Industrial IoT systems will be in use for 10, 20 or 30 years. This long life has several implications:

  •  It must be possible to update all software on all devices. The vendor must provide a mechanism to securely update software while preventing unauthorised modifications. The updates should be done over the network – for Industrial IoT devices it isn’t feasible to physically update the devices; there may be hundreds or thousands of devices, many installed in inaccessible or hostile locations.
  • The vendor must have a commitment to deliver updates. A long life device will need updates for security issues, bug fixes, and perhaps new features. With consumer IoT devices, which commonly have a very short product lifespan, it may be reasonable for a vendor to ship a new device rather than updating the software on existing devices. For Industrial IoT devices it is vital to select vendors that will maintain and update the software in their products.
  • The vendor needs to support industry standards. This is especially critical for network interfaces – the IoT devices should support standard network interfaces and network protocols. This is challenging today because the technologies are quickly evolving. Wherever possible use open industry standards like Ethernet, WiFi, or Bluetooth.

• Carefully consider device identification, registration, and configuration. The greatest ease of use occurs when an IoT device can be powered on, recognized, and automatically configured into the network and the IoT system. This may be appropriate for consumer IoT devices, but carries risk for Industrial IoT. You need to be able to identify a new device, authenticate and validate the device, and then securely register it into your IoT environment. Secure identification, authentication and validation is especially critical for controllers which affect their environment. You don’t want “mystery devices” just showing up and automatically being added to your network!

• The Industrial IoT is not a “fire and forget” environment. You must monitor it – for performance, for correct results, for system and network integrity, and for security.

• You must actively manage the IoT. Devices and capabilities will be added, moved, updated, and removed. Hardware and software will fail. As you explore the expanded capabilities of an IoT system you will uncover new things to do with the distributed system and the data it produces. Plan for change and evolution in your system, because this will happen!

The future of the Industrial Internet of Things is under your control. The buying decisions you make will determine whether it is secure, robust, and flexible – or if it is driven by lowest initial price, biggest feature set, vendor lock-in, and ongoing security disasters. Choose wisely!

[su_button url=”http://www.redhat.com/en” target=”blank” style=”flat” background=”#df2027″ color=”#ffffff” size=”10″ radius=”0″ icon=”icon: arrow-circle-right”]Click here to find out more about Red Hat[/su_button]

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

Cloud, AI, and Integration: Rhombus on What’s Next in Physical Security

Garrett Larsson, Co-Founder and CEO of Rhombus Systems, explores how cloud, AI, and…
Copyright: Security Buyer

Facial Recognition: Innovation vs. Accountability

Facial recognition technology is advancing with AI, IoT, and privacy-first security, but regulatory compliance, ethical AI, accountability…
ICT

ICT & Milestone unified with new integrations

Integrated Control Technology (ICT) has released paired integrations between Protege GX, and Milestone’s XProtect platforms…
Hanwha

Hanwha Vision and Immix bolster integration

Hanwha Vision and Immix have enhanced their longstanding partnership with a deeper integration that supports industry-leading AI analytics
SESIP

GlobalPlatform to support SESIP IoT evaluation standard

In response to the growing uptake of GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) methodology, the organization…
IoT

IoT: Secure and Connected

Hannah Larvin, Features Editor of Security Buyer explores how IoT is transforming security with advanced integration and interoperability…
ZeroSSL

HID Enhances Its PKI Offerings with Acquisition of ZeroSSL

HID, a worldwide leader in trusted identity solutions, announces the acquisition of ZeroSSL, an SSL certificate provider based in Austria…
C7000 HERO IMAGE

Greater integrations with the release Command Centre v9

Gallagher Security is proud to announce the latest release of their award-winning security site management software, Command Centre v9 today.
Global Platform

Adoption of GlobalPlatform’s IoT security evaluation standard

GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP) methodology has been adopted as the basis for a European Standard (EN)
biometrics

Embracing Integration, Intelligent Evolution

Managing Editor Rebecca Spayne looks at the UK’s physical security landscape and its transformative shift, converging cyber…
Scroll to Top