A New Approach to IoT Security Evaluations

September 19, 2016

Security threats have the potential to undermine confidence in the IoT. As such, ensuring end-to-end security and data privacy for IoT solutions is increasingly an industry priority. The security challenges are threefold:

Organisational

Contrary to traditional IT services, successful deployment of IoT solutions requires the collaboration of a large ecosystem, from IoT device manufacturers to network operators to IoT developers and service providers. The lack of consistent terminologies in the IoT and IoT security industry in particular further complicates successful collaboration and deployment.

Commercial

A large number of IoT devices and services are at risk of never being launched to market, because security concerns and risks outweigh the benefits of investment – making security a serious deployment barrier.

Technical

Traditional internet security methods, while still applicable, don’t necessarily address new challenges that are unique to the IoT. These include service availability, secure identity, data privacy, and service integrity in devices that are low complexity and low cost, have constrained power supplies, very long lifecycles and are physically assessable to hackers.  The industry will also have to rise to the challenge of remotely monitoring and maintaining the security of billions of new devices throughout their entire lifecycles.

 

End-to-End Security

Many challenges of IoT security can be addressed with the expertise and assets of mobile network operators, such as the use of private APNs to isolate endpoint devices, communication monitoring to detect unusual traffic activity, and use of SIM cards to enable secure network authentication.

However, security at network level is not enough, for security can be compromised on multiple levels such as physically within endpoint devices, at the service layer, and within the service platform. As a result, IoT security is dependent on all players in the ecosystem, meaning that the end-to-end solution can only be as strong as the weakest link in the chain.

 

IoT Security Evaluations

Consequently, the IoT industry requires different best practices for security which build upon traditional IT security approaches, but focus on the new challenges ahead. The GSMA IoT Security Guidelines promote such best practice for the secure design, development and deployment of IoT services, covering the entire ecosystem while addressing security challenges unique to the IoT.

The complexity and diversity of the IoT ecosystem as well as the quick pace of technological development is creating obstacles for using traditional methods of security evaluation for IoT, such as using a lab based security certification. Traditional methods are often geared towards a single product and may not be applicable to the whole ecosystem. Instead, light-touch benchmarking tools and general approaches are better suited to accommodate the complexity of the IoT ecosystem which contains a diversity of stakeholders and components.

The GSMA IoT Security Self-Assessment covers security controls for the whole ecosystem and further enhances the alignment of all stakeholders by putting in place a concise framework with consistent terminology and a structured approach to IoT security information.

infographic-website-header

 

The scheme enables companies to discover if their security measures align with the best practice outlined in the GSMA IoT Security Guidelines. Companies can use the scheme to address weaknesses in their products and services, and demonstrate to their customers that they’ve taken Cybersecurity seriously.

Take Part Now

 

Back

Huawei: NB-IoT Ecosystem Partner list This document provides a list of Huawei’s NB-IoT partners, detailing the solutions offered by each organisation. The brochure also contains a list of regions and sectors ...

Read more | See all Resources

Webinar Highlights: Deploying Mobile IoT – Ask the Experts Mobile IoT (licensed spectrum low power wide area) networks are a high-growth area of the IoT and will play an important role in connecting billions of new devices. Low power wid...

Read more | See all Resources

The IoT Opportunity: Mobilising the Internet of Things Representing the mobile industry, the GSMA’s Internet of Things programme is working to accelerate the deployment of new connected solutions. In this short video, discover mor...

Read more | See all Resources

LPWA: Enabling Extreme Wildlife Tracking To protect threatened species, conservationists need to fully understand their behaviour and which habitats are key to their survival. To that end, Vodafone is working with the ...

Read more | See all Resources

The importance of Embedded SIM certification to scale the Internet of Things As a provider of connected devices why should you care about test and certification of Embedded SIM? Because it enables your devices to reach market faster since they do not need...

Read more | See all Resources

Mobile Privacy and Big Data Analytics Big data analytics can have a significant impact on societal aims such as the UN Sustainable Development Goals and has the potential to deliver more effective health outcomes, be...

Read more | See all Resources

AT&T & China Telecom announce nationwide deployments of Mobile IoT AT&T and China Telecom are the latest mobile network operators to demonstrate the growing trend towards licensed low power wide area (LPWA) networks, both having been reporte...

Read more | See all Industry News

Interview: Putting NB-IoT to the Test Cao Ming explains how Huawei’s Shanghai lab is enabling developers to test a wide variety of innovative Internet of Things solutions   Cao Ming, President of FDD Product L...

Read more | See all Industry News

LPWA: Tracking Pallets Across Borders (Use Case) Pallet specialist RM2 and mobile operator AT&T are using the Mobile IoT to streamline international logistics   The global logistics industry has about 15 billion pallet...

Read more | See all Industry News

How to Support the Development of Smart Cities in Asia-Pacific Asia is experiencing exceptionally high rates of urbanisation and population growth. As pointed out by the World Bank Group, the number of people in South Asia’s cities ros...

Read more | See all Industry News

Interview: Oi Brasil Crowdsources Internet of Things Innovation Alberto Boaventura explains how Oi’s new IoT Lab is working with developers, universities and businesses to develop smart solutions and services   Alberto Boaventura, Tech...

Read more | See all Industry News

The IoT Masterclass: Securing the Connected Future By 2025, the world will be composed of 27 billion connected devices.[1] From waste management to water meters, a whole host of new services and devices will share data. This open...

Read more | See all Industry News

ETSI Workshop: “Making Smart Cities Sustainable” June 07, 2017 In cooperation with the European Commission and Eurocities, ETSI is pleased to announce the ETSI workshop “Making Smart Cities Sustainable” from large scale pilots ...

Read more | See all Connected Living Events

4th GSMA Global Mobile IoT Summit June 27, 2017 Moving to Global Deployment After seeing more than 40 successful Mobile IoT pilots globally in the last year by a range of mobile operators, the industry is now moving ...

Read more | See all Connected Living Events

Mobile World Congress Shanghai June 28, 2017 The Internet of Things will be central to Mobile World Congress Shanghai  – Asia’s biggest mobile event. Bringing together the global mobile industry’s ...

Read more | See all Connected Living Events

IoT Summit at MWC Shanghai 2017 June 29, 2017 With 27 bn connected devices forecast by 2025, including 6bn in China, mobile technology is playing an increasingly crucial role in the Internet of Things (IoT) –...

Read more | See all Connected Living Events

GSMA Connected Vehicle Summit June 30, 2017 Shanghai New International Expo Centre (SNIEC), W3, Auditorium B   The increasing consumer demand for car connectivity and intelligence has been a key driver of th...

Read more | See all Connected Living Events

Contact GSMA Legal Email Preference Centre Copyright © 2017 GSMA. GSM and the GSM Logo are registered and owned by the GSMA.