A New Approach to IoT Security Evaluations

September 19, 2016

Security threats have the potential to undermine confidence in the IoT. As such, ensuring end-to-end security and data privacy for IoT solutions is increasingly an industry priority. The security challenges are threefold:

Organisational

Contrary to traditional IT services, successful deployment of IoT solutions requires the collaboration of a large ecosystem, from IoT device manufacturers to network operators to IoT developers and service providers. The lack of consistent terminologies in the IoT and IoT security industry in particular further complicates successful collaboration and deployment.

Commercial

A large number of IoT devices and services are at risk of never being launched to market, because security concerns and risks outweigh the benefits of investment – making security a serious deployment barrier.

Technical

Traditional internet security methods, while still applicable, don’t necessarily address new challenges that are unique to the IoT. These include service availability, secure identity, data privacy, and service integrity in devices that are low complexity and low cost, have constrained power supplies, very long lifecycles and are physically assessable to hackers.  The industry will also have to rise to the challenge of remotely monitoring and maintaining the security of billions of new devices throughout their entire lifecycles.

 

End-to-End Security

Many challenges of IoT security can be addressed with the expertise and assets of mobile network operators, such as the use of private APNs to isolate endpoint devices, communication monitoring to detect unusual traffic activity, and use of SIM cards to enable secure network authentication.

However, security at network level is not enough, for security can be compromised on multiple levels such as physically within endpoint devices, at the service layer, and within the service platform. As a result, IoT security is dependent on all players in the ecosystem, meaning that the end-to-end solution can only be as strong as the weakest link in the chain.

 

IoT Security Evaluations

Consequently, the IoT industry requires different best practices for security which build upon traditional IT security approaches, but focus on the new challenges ahead. The GSMA IoT Security Guidelines promote such best practice for the secure design, development and deployment of IoT services, covering the entire ecosystem while addressing security challenges unique to the IoT.

The complexity and diversity of the IoT ecosystem as well as the quick pace of technological development is creating obstacles for using traditional methods of security evaluation for IoT, such as using a lab based security certification. Traditional methods are often geared towards a single product and may not be applicable to the whole ecosystem. Instead, light-touch benchmarking tools and general approaches are better suited to accommodate the complexity of the IoT ecosystem which contains a diversity of stakeholders and components.

The GSMA IoT Security Self-Assessment covers security controls for the whole ecosystem and further enhances the alignment of all stakeholders by putting in place a concise framework with consistent terminology and a structured approach to IoT security information.

infographic-website-header

 

The scheme enables companies to discover if their security measures align with the best practice outlined in the GSMA IoT Security Guidelines. Companies can use the scheme to address weaknesses in their products and services, and demonstrate to their customers that they’ve taken Cybersecurity seriously.

Take Part Now

 

Back

Securing the Port of the Future Led by the University of Seville, the Port Authority of Seville, and Telefónica, the Tecnoport 2025 project uses Internet of Things (IoT) solutions to improve the efficiency of ...

Read more | See all Resources

Webinar: Experts Discuss Telco IoT Big Data Initiatives The Internet of Things is generating a huge amount of data that is currently retained in vertical silos. However, a true IoT is dependent on the availability and confluence of ri...

Read more | See all Resources

Video: Importance of Interoperability in Digital Health Revealed in Industry Web Digital health solutions can increase quality, reduce cost, and extend reach of healthcare. They can empower individuals to manage their own health more proactively and effective...

Read more | See all Resources

The IoT Guide to MWC17 Mobile technology is playing an increasingly crucial role in the Internet of Things, helping to connect everything from sophisticated automobile equipment, to simpler, low power ...

Read more | See all Resources

Building Smart Cities – The Crucial Role of Mobile Operators This video explores the definition of a smart city, the value that mobile operators bring to smart cities, and advice to governments and city planners looking to deploy smart cit...

Read more | See all Resources

How Digital Health can Alleviate the Pressure on Healthcare Systems Digital health has the potential to overcome many of the issues that modern healthcare systems face. In this video, our Vertical Engagement Specialist for Health, Rob Childs, out...

Read more | See all Resources

Smart Traffic: a Key Step Towards Smart Cities Cities are getting smarter every day, but generally in incremental fashion, such that the pace of change is barely perceived. With rapid uptake of connected vehicles now plainly ...

Read more | See all Industry News

The Definitive Policy and Regulatory Resource for the IoT Jeanine Vos, Executive Director, Connected Living, GSMA A while ago, the Mckinsey Global Institute published research which speculated that, compared with the Industrial Revoluti...

Read more | See all Industry News

Successful Interoperability Testing for GSMA Remote SIM Provisioning for M2M Pro The GSMA’s specification for Remote SIM Provisioning for M2M has been adopted by the majority of the world’s leading mobile network operators, with GSMA Intelligence estimati...

Read more | See all Industry News

Next generation IoT at the Innovation City See below for a list of Internet of Things demonstrations in the GSMA Innovation City The Internet of Things is entering a new stage. As of this year, a family of new low power w...

Read more | See all Industry News

The Road to 5G and the Rise of Connected Cars Among the most noticeable developments in IoT technology over the coming years will be a marked proliferation of connected cars. The next decade is forecast to see rapid growth i...

Read more | See all Industry News

Mobile Industry will convene at MWC to discuss commercial strategies for Smart C The mobile Industry’s principal commercial strategies for the IoT will again be debated at this year’s Mobile World Congress, following confirmation of seminars on the subjec...

Read more | See all Industry News

Connected Living at TEISS 2017 February 21, 2017 The European Information Security Summit 2017 (TEISS) is one of the largest and most comprehensive cyber security summits in Europe, featuring conferences on culture an...

Read more | See all Connected Living Events

Mobile World Congress 2017 February 26, 2017 Mobile. The Essential Element of IoT The Internet of Things will connect a new generation of smart devices, enabling big data and providing invaluable business opportun...

Read more | See all Connected Living Events

GSMA Global Mobile IoT Summit February 26, 2017 Mobile IoT (licensed spectrum low power wide area) networks will play an important role in connecting up the billions of new devices making up the IoT. Low Power Wide A...

Read more | See all Connected Living Events

IoT Elements: Bringing the Smart City to Life February 28, 2017 With 27 billion devices connected globally by 2025, the evolution of smart cities will change our everyday lives, from improving traffic flow to managing pollution and ...

Read more | See all Connected Living Events

Mobile IoT (LPWA) – Open for Business March 01, 2017 Low Power Wide Area (LPWA) is an emerging part of the IoT and represents a huge market opportunity as the IoT scales. Analyst firm Strategy Analytics anticipate there w...

Read more | See all Connected Living Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.