©2012 MASSTLC ALL RIGHTS RESERVED. How Security Shifts in the World of IoT Michael Curry IBM Andy Thurai Intel

Page 1: Michael curry security

How Security Shifts in the World of IoT

Michael Curry, IBM

Andy Thurai, Intel

Page 2: Michael curry security

© 2014 IBM Corporation

Security in a World of Connected Things

Michael Curry, IBM SWG Product Management

@mikecurr55

mikecurr55.wordpress.com

Page 3: Michael curry security

The Internet of Things Creates New Concerns for Security

Zurich Insurance Risk Nexus April 2014

• Law 1: Everything that is connected to the Internet can be hacked

• Law 2: Everything is being connected to the Internet

http://www.zurich.com/internet/main/SiteCollectionDocuments/insight/risk-nexus-april-2014-en.pdf

Page 4: Michael curry security

If it is just machine data... how important is security?

Image Credit: SmartPlanet.com

Page 5: Michael curry security

What is Different About the Internet of Things?

• Attack surface

• Processing power

• Remote, accessible

• Lack of standards

• Threat to the physical world

Image Credit: Gill Sensors

Page 6: Michael curry security

Let’s face it – We won’t be able to secure it 100%

Image Credit: Spero News

Page 7: Michael curry security

Most Common Attacks

• Denial of Service

• Hijacking

• Spoofing

• Injection

• Sniffing/Data theft

• Viruses

Page 8: Michael curry security

Four Elements of IoT Security

1. Physical Device

2. Data

3. Network

4. Incident Monitoring & Response

Page 9: Michael curry security

1. Physical Device Security

Tamper-proofing

Secure boot

Authorization controls & geofencing

Remote software management

Device key management

Page 10: Michael curry security

2. Data Security

Data governance policy

TLS

End-to-end encryption

Application layer policies

Data masking

Page 11: Michael curry security

3. Network Security

Authentication

Authorization policy

Attack signature recognition

DoS defense

Page 12: Michael curry security

4. Incident Monitoring & Response

Constant real-time monitoring

Cross-device event correlation

Security analytics

Real-time isolation

Page 13: Michael curry security

A Moment on Privacy

Image Credit: Outside the Beltway

Page 14: Michael curry security

Six Tips for IoT Security

1. Design for zero trust

2. Focus on detection and isolation

3. Control the edges

4. Know your data

5. Encrypt end-to-end

6. Strip out PII & Design for Opt In
