A New Approach to IoT Security Evaluations

September 19, 2016

Security threats have the potential to undermine confidence in the IoT. As such, ensuring end-to-end security and data privacy for IoT solutions is increasingly an industry priority. The security challenges are threefold:


Contrary to traditional IT services, successful deployment of IoT solutions requires the collaboration of a large ecosystem, from IoT device manufacturers to network operators to IoT developers and service providers. The lack of consistent terminologies in the IoT and IoT security industry in particular further complicates successful collaboration and deployment.


A large number of IoT devices and services are at risk of never being launched to market, because security concerns and risks outweigh the benefits of investment – making security a serious deployment barrier.


Traditional internet security methods, while still applicable, don’t necessarily address new challenges that are unique to the IoT. These include service availability, secure identity, data privacy, and service integrity in devices that are low complexity and low cost, have constrained power supplies, very long lifecycles and are physically assessable to hackers.  The industry will also have to rise to the challenge of remotely monitoring and maintaining the security of billions of new devices throughout their entire lifecycles.


End-to-End Security

Many challenges of IoT security can be addressed with the expertise and assets of mobile network operators, such as the use of private APNs to isolate endpoint devices, communication monitoring to detect unusual traffic activity, and use of SIM cards to enable secure network authentication.

However, security at network level is not enough, for security can be compromised on multiple levels such as physically within endpoint devices, at the service layer, and within the service platform. As a result, IoT security is dependent on all players in the ecosystem, meaning that the end-to-end solution can only be as strong as the weakest link in the chain.


IoT Security Evaluations

Consequently, the IoT industry requires different best practices for security which build upon traditional IT security approaches, but focus on the new challenges ahead. The GSMA IoT Security Guidelines promote such best practice for the secure design, development and deployment of IoT services, covering the entire ecosystem while addressing security challenges unique to the IoT.

The complexity and diversity of the IoT ecosystem as well as the quick pace of technological development is creating obstacles for using traditional methods of security evaluation for IoT, such as using a lab based security certification. Traditional methods are often geared towards a single product and may not be applicable to the whole ecosystem. Instead, light-touch benchmarking tools and general approaches are better suited to accommodate the complexity of the IoT ecosystem which contains a diversity of stakeholders and components.

The GSMA IoT Security Self-Assessment covers security controls for the whole ecosystem and further enhances the alignment of all stakeholders by putting in place a concise framework with consistent terminology and a structured approach to IoT security information.



The scheme enables companies to discover if their security measures align with the best practice outlined in the GSMA IoT Security Guidelines. Companies can use the scheme to address weaknesses in their products and services, and demonstrate to their customers that they’ve taken Cybersecurity seriously.

Take Part Now



LPWA: Enabling Extreme Wildlife Tracking To protect threatened species, conservationists need to fully understand their behaviour and which habitats are key to their survival. To that end, Vodafone is working with the ...

Read more | See all Resources

The importance of Embedded SIM certification to scale the Internet of Things As a provider of connected devices why should you care about test and certification of Embedded SIM? Because it enables your devices to reach market faster since they do not need...

Read more | See all Resources

Mobile Privacy and Big Data Analytics Big data analytics can have a significant impact on societal aims such as the UN Sustainable Development Goals and has the potential to deliver more effective health outcomes, be...

Read more | See all Resources

Securing the Port of the Future Led by the University of Seville, the Port Authority of Seville, and Telefónica, the Tecnoport 2025 project uses Internet of Things (IoT) solutions to improve the efficiency of ...

Read more | See all Resources

Webinar: Experts Discuss Telco IoT Big Data Initiatives The Internet of Things is generating a huge amount of data that is currently retained in vertical silos. However, a true IoT is dependent on the availability and confluence of ri...

Read more | See all Resources

Video: Importance of Interoperability in Digital Health Revealed in Industry Web Digital health solutions can increase quality, reduce cost, and extend reach of healthcare. They can empower individuals to manage their own health more proactively and effective...

Read more | See all Resources

Raising Standards across the Internet of Things Dino Flore of 3GPP and Barbara Pareglio of the GSMA explain the pivotal role of standards in shaping the Mobile Internet of Things Dino Flore, Chairman of RAN group, 3GPP Barbara...

Read more | See all Industry News

‘Mobile IoT: A Network which has been made for Battery, Speed and Cost’ – This year, the Internet of Things will make one of its biggest advances. As the Mobile IoT (licensed LPWA solutions) launches in Korea, Spain, the UK, the US and countless other ...

Read more | See all Industry News

Towards the Autonomous City: All you Need to know About Smart Cities During MWC The simple and easy retrofitting of IoT solutions is enabling cities to develop according to their needs and concealing the rapid pace of change that is happening before us What...

Read more | See all Industry News

‘Internet of the Seas’ marks new wave of eco-friendly IoT solutions on show Such is the rapid development of the Internet of Things that new milestones seem to be as quickly reached as they are surpassed. However, with the standardisation and commercial ...

Read more | See all Industry News

GSMA Announces Winners of Mobile IoT Innovators Showcase Awards The GSMA’s Connected Living programme today announced the winners of ‘The Mobile IoT Innovators Showcase’ competition at the GSMA Global Mobile IoT Summit, held at the Hesp...

Read more | See all Industry News

Mobile IoT Takes Off with Multiple Global Launches Planned in 2017 The availability of commercial Low Power, Wide Area (LPWA) solutions is set to dominate the agenda at the GSMA Global Mobile IoT Summit, held today at the Hesperia Tower Hotel in...

Read more | See all Industry News

Mobile World Congress Shanghai June 28, 2017 The Internet of Things will be central to Mobile World Congress Shanghai  – Asia’s biggest mobile event. Bringing together the global mobile industry’s ...

Read more | See all Connected Living Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.