Until now, security has been treated as an afterthought; by adding layers of security after devices are delivered, with infrastructure and applications already in place. But security for IoT is too important to be treated as an afterthought. IoT’s unique characteristics are also forcing a fundamental rethink about how Enterprises need to implement security management for devices and data.
IoT use cases are all about the data. IoT applications can’t trust the data unless the device is trusted. If the device and data it collects can’t be trusted, there is no point collecting it, analyzing it, and making an incorrect decision or policy change. Imagine if a doctor or clinician adjusts the wrong dose of medication for a connected medical device based on untrusted data; this is a patient safety and healthcare issue. To address this challenge effectively there needs to be a device-bound data security model.
The Enterprise IoT Security Blueprint was first introduced by Device Authority in April 2018 and has since evolved to incorporate further steps within the emerging Enterprise IoT state. This evolution is a result of technology innovation and exploring real world use cases in different industries which require robust security by design. This is actively evolving, and the following Insight Guide outlines these considerations in what we refer to as Enterprise IoT security blueprint 2.0.