Aloysius Cheang, Executive Vice President - APAC and Chief Standards Officer, Cloud Security Alliance
The Internet of Things is already impacting the daily lives of millions of people through the adoption of health and fitness monitors, home security devices, connected cars and household appliances, among other applications. Such devices offer the potential for improved health monitoring, safer highways, and more efficient home energy use, among other potential benefits. However, it may be noted that connected devices raise numerous privacy and security concerns that could undermine consumer confidence. If it is on the Internet, it has to be secured in the same way as you secure your computers connected to the Internet. We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.
Research is needed to allow organizations to design a trusted IoT ecosystem in their enterprise that securely utilizes the cloud for control and data connectivity. Investments in research & development are required to allow organizations to design, without research & development organizations would not have innovation edge to leverage on new emerging technologies for business requirements. Organizations will have to adapt strategies and react in the face of technologies otherwise, in the absence of this, organizations will be forced to make substantial architectural decisions without sufficient data to understand the risks and identify appropriate mitigations
The IoT also helps to understand the need to manage exponentially more identities than existing Identity Access Management systems that are required to support. The security industry is seeing a paradigm shift whereby Identity Access Management is no longer solely concerned with managing people but also managing the hundreds of thousands of ‘things’ that may be connected to a network. The document “New Guidance for Identity and Access Management for the Internet of Things” is the first in a series of summary guidance aimed at providing easily understandable recommendations to information technology staff charged with securely implementing and deploying IoT solutions. With this guidance document, we can provide prescriptive guidance to stakeholders detailing an easy-to-follow set of recommendations for establishing an Identity Access Management for IoT program within their organization. Managing Identity Access Management can be bigger in building smart cities. Cloud Security Alliance with Securing Smart Cities worked on an initiative addressing guidelines for the cyber security challenges of smart cities. The guide provides organizations with an overview of the key elements needed in order to implement the best technological solutions with a lower risk and exposure to cyber threats.
We see the increased interest in the vehicle security which has seen the most cooperation between the security community and the original equipment manufacturers (i.e. carmakers) as the latter move into new technological sectors with the expansion of the connected car market. Many of the other applications are working with the U.S. Federal Highway Administration on providing the feedback on Connected Vehicle Security strategy which will offer the opportunity to reduce collisions and save lives. Under this strategy vehicles will be designed to communicate with one another, their environment and even pedestrians and messages will be provided with integrity, authenticity and in some cases with confidentiality protections.
The next journey in supporting the industry is by decomposing the common devices types, markets and architectures of the IoT, and subsequently analyzing and recommending appropriate security mitigations across these commonalities.
Founded in 2008, Cloud Security Alliance is a company headquartered in Seattle, United States, which provides security assurance within cloud computing and offers education on the uses of cloud computing