CSA Launches New Security Guidance for Early Adopters of the IoT

Cross-Industry Guidance Highlights Key Challenges and Recommended IoT Security Controls

News provided by

Cloud Security Alliance

20 Apr, 2015, 12:00 ET

SAN FRANCISCO, April 20, 2015 /PRNewswire-USNewswire/ -- The Cloud Security Alliance (CSA) today unveiled a new guidance report titled, New Security Guidance for Early Adopters of the IoT, aimed at helping early adopters understand the security challenges surrounding the Internet of Things (IoT), and providing recommended security controls and sample use-cases for organizations implementing IoT capabilities. These controls have been tailored to IoT-specific characteristics to allow early adopters to mitigate many of the risks associated with this new technology.

The IoT provides new and enhanced capabilities across diverse industries and enterprise functions, as well as unique security challenges associated with each market segment, use case and vendor community.  However, sufficient research into the vulnerabilities associated with the IoT, and best practices for securely developing, deploying, trusting and maintaining IoT components has not yet been conducted. 

"Traditional security mechanisms such as secure software development and security controls engineering, common vulnerability and exploit (CVE) discovery and reporting, vulnerability management, and field upgrade and patching do not exist or are immature in most of the industries taking advantage of IoT platforms," said Luciano Santos, VP of Research and Member Services for the CSA. "Research is needed to allow organizations to design a trusted IoT ecosystem in their enterprise that securely utilizes the cloud for control and data connectivity.  In the absence of this research, organizations will be forced to make substantial architectural decisions without sufficient data to understand the risks and identify appropriate mitigations."

CSA is supporting the industry by decomposing the common devices types, markets and architectures of the IoT, and subsequently analyzing and recommending appropriate security mitigations across these commonalities.  In future research in this area, CSA will associate each category with the appropriate cloud security standards, CCM controls, best practices and relevant governance. Research will help identify and document critical vulnerabilities associated with introduction of IoT in various enterprise environments and provide best practices for vulnerability mitigation.  As part of its ongoing research, CSA will also provide developers with secure development guidance to ensure IoT components are designed securely from the start.  

Recommended security controls detailed in the report include:

  • Analyze privacy impacts to stakeholders and adopt a privacy-by-design approach to IoT development and deployment.
  • Apply a Secure Systems Engineering approach to architecting and deploying a new IoT SoS.
  • Implement layered security protections to defend IoT assets.
  • Define life-cycle controls for IoT devices.
  • Define and implement an authentication/authorization framework for the organization's IoT deployments.
  • Define and implement a logging/audit framework for the organization's IoT ecosystem.
  • Develop safeguards to assure the availability of IoT-based systems and data.
  • Information sharing and support of a global approach to combating security threats by sharing threat information with security vendors, industry peers and Cloud Security Alliance.

The full report is freely available at https://downloads.cloudsecurityalliance.org/whitepapers/Security_Guidance_for_Early_Adopters_of_the_Internet_of_Things.pdf

About Cloud Security Alliance
The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at www.cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Logo - http://photos.prnewswire.com/prnh/20130723/DC51526LOGO

SOURCE Cloud Security Alliance

Related Links

http://www.cloudsecurityalliance.org

PRN Top Stories Newsletters

Sign up to get PRN’s top stories and curated news delivered to your inbox weekly!

Thank you for subscribing!

By signing up you agree to receive content from us.
Our newsletters contain tracking pixels to help us deliver unique content based on each subscriber's engagement and interests. For more information on how we will use your data to ensure we send you relevant content please visit our PRN Consumer Newsletter Privacy Notice. You can withdraw your consent at any time in the footer of every email you'll receive. Mit Ihrer Anmeldung erklären Sie sich damit einverstanden, Inhalte von uns zu erhalten.
Unsere Newsletter enthalten Zählpixel, die die Lieferung einzigartiger Inhalte in Bezug auf das Abonnement und die Interessen der einzelnen Abonnenten ermöglichen. Weitere Informationen über die Verwendung Ihrer Daten im Hinblick auf die Zusendung von relevanten Inhalten, finden Sie in unserer PRN Consumer Newsletter Privacy Notice. Ihre Zustimmung können Sie jederzeit in der Fußzeile jeder erhaltenen E-Mail widerrufen. En vous inscrivant à la newsletter, vous consentez à la réception de contenus de notre part.
Notre newsletter contient des pixels espions nous permettant la fourniture à chaque abonné, d’un contenu unique en lien avec ses souscriptions et intérêts. Pour de plus amples informations sur l’utilisation faite de vos données en vue de l’envoi des contenus concernés, nous vous invitons à consulter la politique de confidentialité disponible à partir du lien suivant PRN Consumer Newsletter Privacy Notice. Vous pouvez à tout moment revenir sur votre consentement par le biais des informations situées au bas de chaque e-mail reçu. Регистрирайки се, Вие се съгласявате да получавате информационно съдържание от нас. Нашите бюлетини съдържат проследяващи пиксели, които ни помагат да предоставяме уникално съдържание въз основа на ангажираността и интересите на всеки абонат. За повече информация относно начина, по който ще използваме Вашите данни, за да гарантираме, че Ви изпращаме подходящо съдържание, моля, направете справка с нашето Уведомление за поверителност на потребителския бюлетин на PRN. Можете да оттеглите съгласието си по всяко време в долния колонтитул на всеки от имейлите, които ще получите.