With a massive and rising number of connected devices, the IoT ecosystem is changing and the cyber-attack surface is increasing. Gemalto offers IoT Security solutions protecting global IoT ecosystems from the edge to the cloud, by giving strong digital IDs to connected devices, by protecting IoT data at rest or in motion, and by ensuring a regular security lifecycle management.
As a majority of IoT devices are deployed in hard-to-service locations for many years, remote and future-proof security is key for their long lifecycles, to prevent unauthorized devices from joining a network, accessing global applications or cloud platforms.
With its expertise and set of IoT Security solutions and services, Gemalto strongly protect IoT devices and ensures data confidentiality and integrity at all time.
The key concept of Security by Design
Security by Design is an approach rather than a specific technology that ensures that security is built into a project deployment from the ground up. To choose the right level of security implementation, at this stage, devices, systems and networks should be viewed holistically with associated security requirements and risks in mind. Properly implemented, security by design will ensure that a unique, secure digital device ID is given at the point of manufacture and embedded at the hardware level to prevent ID theft or misuse.
At Gemalto we build security into the roots of IoT Devices by provisioning diversified digital IDs and certificates into our
Cinterion Modules. And for extra sensitive IoT applications (smart grid, automotive or healthcare, for ex.), we recommend embedding these security components into our tamper-resistant
Cinterion Secure Elements, to protect both physical and digital access.
With such protection, even the most malicious partner in the manufacturing line could not get access to device IDs for misuse of data or device cloning.
Additionally, security by design demands that scalable security solutions are in place to reduce
ad hoc or future security risk.
The importance of Security Lifecycle Management
Like traditional devices and software, the principle of regular software updates and password exchange should also apply to IoT devices. Firmware updating, access policy management and regular exchange of digital access keys is fundamental to ensure strong security policy alongside the ability to react to evolving security threats and changing regulation. If access is somehow compromised, such mechanisms will prevent future unauthorised access.
Security lifecycle management solutions should be in place to meet these needs, with the ability to receive alerts and remotely address large scale device fleets, avoiding time-consuming and costly services in the field. Implementing a scalable security infrastructure at the design stage is thus essential against approaches that could expose IoT systems to damaging security attacks.