©2012 MASSTLC ALL RIGHTS RESERVED.
How Security Shifts in the World of IoT
Michael Curry, IBM
Andy Thurai, Intel
© 2014 IBM Corporation
Security in a World of Connected Things
Michael Curry, IBM SWG Product Management
@mikecurr55
mikecurr55.wordpress.com
The Internet of Things Creates New Concerns for Security
Zurich Insurance Risk Nexus April 2014
• Law 1: Everything that is connected to the Internet can be hacked
• Law 2: Everything is being connected to the Internet
http://www.zurich.com/internet/main/SiteCollectionDocuments/insight/risk-nexus-april-2014-en.pdf
If it is just machine data... how important is security?
Image Credit: SmartPlanet.com
What is Different About the Internet of Things?
• Attack surface
• Processing power
• Remote, accessible
• Lack of standards
• Threat to the physical world
Image Credit: Gill Sensors
Let’s face it – We won’t be able to secure it 100%
Image Credit: Spero News
Most Common Attacks
• Denial of Service
• Hijacking
• Spoofing
• Injection
• Sniffing/Data theft
• Viruses
Four Elements of IoT Security
1. Physical Device
2. Data
3. Network
4. Incident Monitoring & Response
1. Physical Device Security
Tamper-proofing
Secure boot
Authorization controls & geofencing
Remote software management
Device key management
2. Data Security
Data governance policy
TLS
End-to-end encryption
Application layer policies
Data masking
3. Network Security
Authentication
Authorization policy
Attack signature recognition
DoS defense
4. Incident Monitoring & Response
Constant real-time monitoring
Cross-device event correlation
Security analytics
Real-time isolation
A Moment on Privacy
Image Credit: Outside the Beltway
Six Tips for IoT Security
1. Design for zero trust
2. Focus on detection and isolation
3. Control the edges
4. Know your data
5. Encrypt end-to-end
6. Strip out PII & Design for Opt In