6 Things You Should Know About IoT Security

IoT Security

When selecting smart devices for business use, device security is a strategic consideration, not just a tactical one. Smart devices, by their nature, communicate with other devices and the cloud. Smart devices also process, transmit and sometimes collect personal user data for purposeful use. After observing the catastrophic impact of information security breaches, smart device manufacturers have learned that information gleaned from smart devices serves society best when treated as personal data.

So, what security requirements should a business consider as table stakes when building a smart device portfolio? Check out our detailed post on IoT smart device security considerations.

Security is your most important consideration

When choosing IoT smart devices, security should always be your number one consideration. The risk of a data breach is high.
All information passed from/to the device should be encrypted
This is the same type of communication you use every day when you load up nearly any website and is a minimum requirement for passing data over the Internet, whether it's personally identifiable information (PII) or not.
IoT smart device should support encryption of data "at rest"

This means that even when data is not transmitting from one place to another (such as when data is sitting in an Amazon S3 bucket or stored on a device-local micro-database), it should not be stored in plain text. It should be stored in an encrypted format.
IoT device has a well-defined ownership and access/control delegation model

In other words, device owners should be able to assign the ability to control and process data from devices to others in a clear, secure manner that conveys access rights to both parties. Owners should also be able to easily revoke this control. The most important standard has evolved to support this requirement is the OAuth2.0 standard. If your device maker does not support OAuth2.0 as a standard for granting device access, it's a potentially risky consideration. Indeed, Yonomi does not support integration with any device that fails to support this standard.
Internal data management and control policies should be in place and made readily available to IoT device customers

These are often made available when purchasing the device and again in Terms of Use documents - regardless if anyone reads them. :)
IoT device data management policies must adhere to government data privacy mandates

Smart device makers should consider the data collected by their devices subject to GDPR and other government policies, depending on where the devices are used, or the owner lives. If they don't, there is a potential that your business could be subject to the risk associated with a device maker's failure to comply with these legal requirements.

Yonomi IoT Platform

Yonomi is the fastest way to integrate your application with smart, connected devices to your property management, energy management, wellness, and insurance software applications.

Our mission is to enable and accelerate the building and delivery of rich, smart home applications for solution providers. To do this, we’ve built an IoT Platform connecting to 100+ mass-market consumer devices and devices required for specific vertical industry use cases that is traits based, so you don't have to worry about an evolving IoT device market.

If you are interested in testing the platform, visit our developer portal.