FREQUENTLY ASKED QUESTIONS
The security industry can do this in several ways, but it starts with recognizing the problems and then providing better education about the solutions.
In most cases, the technology is available and just needs to be implemented. For example, SSL/TLS provides strong encryption at the scale that the IoT demands. Sophisticated, managed PKI systems can handle strong identity vetting and provide reliable data encryption across all objects and devices within IoT deployments. A PKI solution should be the standard for IoT.
The security industry needs to help vendors understand the risks associated with poor IoT security. First, we need to present information from the point of view of an end-user. Second, organizations need to be made aware of the financial impact of poor security: lowered sales, diminished trust in their brand, or even health and safety risks when healthcare devices, critical infrastructure, and national defense are included in the conversation.
Simple protections can be put in place that notify end-users to set up controls over Wi-Fi and Bluetooth connectivity, enable lock screens, and use other basic security functions.
First, an organization needs to choose a Certificate Authority partner that is trusted and can scale effectively to meet their IoT requirements.
Second, manufacturers need to embed identity in devices during the OEM rollout process. Third, they need to utilize regulated Attribute Authorities.
Finally, they shouldn't rely on established technology alone; they should integrate technology and tokens, adopt policies and procedures for accountability purposes, and review relationships and responsibilities regularly.