We have stated early and often that security needs to be imbued in every pillar of the IoT ecosystem. There is probably no pillar more important to start with securing than the end points pillar. The fact is there are so many different types of end point devices, it is impossible to retrofit a one-size-fits-all security solution for any of them, no less all of them. The real key to endpoint security is recognizing and accepting that no two situations are the same. With IoT devices, we have yet to encounter an off-the-shelf security package that can simply be bolted on. To further complicate this scenario, not all end point device manufacturers can guarantee that the embedded security solution in the end point device itself is bulletproof. In an ideal world, sufficient device security would be resident in these devices. However in many cases, additional software and professional security services are necessary to augment what the manufacturer has pre-baked into the end point device. The good news is there are security features that IoT decision makers can look for when deploying IoT based projects. The following article does good job of highlighting these.
For how many years now have federal CIOs and IT managers heard the bromide “security must be baked in, not bolted on?” It is one of those phrases that gets repeated so often that it’s lost its meaning, but the fact that it’s still considered wisdom today is itself meaningful.