IoT cybersecurity: how to protect devices on a cloud-based Internet of Things platform

Ausum Cloud Cybersecurity

Billions of devices are connected and communicate with each other through the Internet of Things. More and more businesses are experiencing the benefits of the Internet of Things (IoT) and its data, but the challenges posed by security, privacy, and regulatory compliance can’t be ignored. Cloud-based IoT cybersecurity starts with guaranteeing the security and the protection of the connected devices.

Cloud security and IoT cybersecurity

The Internet of Things is the convergence of the physical and cyber worlds, which brings many advantages but also multiplies risks and presents important security, privacy and transparency challenges. As Microsoft Azure points out, IoT cybersecurity is about ensuring the integrity of code running on devices, providing device and user authentication, being resilient to cyber and physical attacks and guaranteeing the transparency, privacy and protection of data.

To respond to these challenges, the choice of provider for your cloud-based IoT platform, solutions and applications is fundamental. The infrastructure should be secure end to end, from the connectivity of devices to user applications. Secure provisioning and authentication of devices is the foundation on which cloud-based IoT cybersecurity is built.

Granting permissions and access control

Through shared access policies, different permission combinations can be granted (connection, read or write access, amongst others) on a general level. In addition, through the identity of each connected IoT device, access permissions can also be configured individually.

Device authentication

The access policies and security credentials of each device are stored in a security token, and access to platform connection points is granted (or refused) on the basis of that token. In this way, passwords and credentials are never sent over the connection. Security tokens allow you to grant time-limited access to devices and services on the IoT platform.
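The time-limited token described above can be illustrated with a short Python sketch. This is an added example, not code from the original article or from any platform SDK: the token layout (sr, sig, se fields) is modelled on Azure IoT Hub shared access signatures, the platform-side check is a simplified illustration, and the hub name, device name and key are constructed values.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote_plus, parse_qs

# Constructed sample values, not real credentials.
DEVICE_KEY = base64.b64encode(b"constructed-demo-device-key-0001").decode()
RESOURCE = "example-hub.azure-devices.net/devices/sensor-01"

def _sign(key_b64, resource, expiry):
    # The HMAC covers both the resource URI and the expiry time,
    # so neither can be altered without invalidating the signature.
    msg = f"{quote_plus(resource)}\n{expiry}".encode()
    mac = hmac.new(base64.b64decode(key_b64), msg, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def make_token(key_b64, resource, ttl_seconds, now=None):
    """Device side: derive a token from the key; the key itself is never sent."""
    expiry = int(time.time() if now is None else now) + ttl_seconds
    sig = _sign(key_b64, resource, expiry)
    return (f"SharedAccessSignature sr={quote_plus(resource)}"
            f"&sig={quote_plus(sig)}&se={expiry}")

def verify_token(token, key_b64, resource, now=None):
    """Platform side: recompute the signature with the stored key, then check expiry."""
    scheme, _, query = token.partition(" ")
    if scheme != "SharedAccessSignature":
        return False, "bad scheme"
    fields = parse_qs(query)
    try:
        sr, sig, se = fields["sr"][0], fields["sig"][0], int(fields["se"][0])
    except (KeyError, ValueError):
        return False, "malformed"
    if sr != resource:
        return False, "wrong resource"
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(sig.encode(), _sign(key_b64, sr, se).encode()):
        return False, "bad signature"
    if (time.time() if now is None else now) >= se:
        return False, "expired"
    return True, "ok"
```

Because the expiry is part of the signed message, a device cannot extend its own access by editing the se field; it has to derive a fresh token from the key.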

Another form of authentication is the use of a compatible X.509 certificate. Each device can use a token or a certificate, but not both at the same time. X.509 certificates are authentication tools validated for many public cloud platforms, including Amazon Web Services and Azure.

Security of connection

Security in the communication process, in the sending of data back and forth between the cloud platform and devices, is just as important in the cybersecurity of the Internet of Things. In addition, this communication is carried out on networks such as the internet, which are outside of the business’s and the IoT solution provider’s control.

In the case of Azure, the communication route between the gateway and the platform is protected through a standard protocol (TLS) and the previously mentioned authentication systems. In addition, the platform doesn’t initiate the connection; it is the device that requests entry (IoT Hub stores messages until the device is connected and then sends them).

Finally, platform security depends on the measures adopted to protect the processing and storage of data once sent, a topic deserving of its own article. In essence, cloud-based Internet of Things platforms and solutions should be designed to be secure from the very first communication with the device through to the processing and analysis of the data.

Images | Unsplash/Jon Moore, Jefferson Santos