Embedding security into the architecture and design of major IoT projects is the best way to catch problems early, avoid costly patchwork, lower the risk of data breaches, and meet compliance needs. However, research shows that most of the time security is either completely forgotten or is just an afterthought. The same is true for IoT, where the race to be first to market is on and the security and privacy of critical assets are not given due importance in design and implementation.
A comprehensive design review needs to take multiple dimensions into consideration, from both technology and business perspectives. The security review of a project has to be a business-focused activity that aims to:
- Identify significant security and compliance gaps early.
- Provide recommendations to fill identified gaps based upon business analysis.
- Avoid costly patchwork and save time at later stages.
- Minimize probability of data breaches and security incidents.
- Make the IoT project a true competitive advantage and increase brand value.
The review should be performed across nine dimensions, each covering a different aspect of information security, while focusing on your industry.
- Data Dimension – Data acquisition, transmission, processing, storing, disposal, leakage
- Identity Dimension – Strong authentication, authorization, access management, identity lifecycle
- Operations Dimension – Updates and patching, malware, SDLC, logging, monitoring, alerting, physical security
- Infrastructure Dimension – Networking, Operating Systems, Storage, Cloud, Devices, Protocols
- Integration Dimension – Human, machine, application, and partner interface
- Capacity Dimension – Capacity and scalability planning
- Outcome Dimension – Suitability for use and purpose, usability, convenience
- Business Risk Dimension – Business Continuity, legal and compliance risks
- Governance Dimension – Governance, processes, operational costs
Of course, this is not a trivial task, and professionals performing this review need a deep understanding of many areas of technology, knowledge of the industry, business acumen, and experience in implementing projects. Knowledge of different standards and of research reports from leading research organizations is also a must for this type of review. However, if done properly, it can save the future expense and time spent fixing items.
Agile development models create challenges of their own, and a lean, quick method of design review can be of great help there.