Cloud Security Alliance outlines 13 steps to developing secure IoT products


The Cloud Security Alliance (CSA) has outlined a series of best practice guidelines to help IoT designers and developers understand various security measures.

Comprising a baker’s dozen of tips, the document ranges from protecting data, to implementing secure authentication, to secure key management. Naturally, these can be seen as fairly standard security tips, but the report notes that the guidance is not meant “as a substitute for understanding fundamental system security engineering methodologies and techniques, but instead aims to mitigate some of the more common issues that can be found with IoT device development.”

Evaluating programming languages is also noted in the report, giving security guidance on C, C#, C++, Erlang, Objective C, Go, Java, JavaScript, Parallel, Python and Rust among others. It’s worth noting as well that it is not just the IoT devices that need to be secured – the CSA notes that developers are usually also responsible for developing the smartphone applications that interact with the device, as well as the cloud service that collects information from it.

The full report lays out guidance on IoT device security challenges, a discussion on security options available for IoT development platforms, categorisation of IoT device types and a review of threats, as well as recommendations for secure device design and development processes.

“We hope to empower developers and organisations with the ability to create a security strategy that will help mitigate the most pressing threats to both consumer and business IoT products,” said Brian Russell, chair of the IoT working group and chief engineer of cyber security solutions with Leidos.

Naturally, the question of IoT security is one which continues to make headlines. “The next big cybersecurity issue has arrived,” argued Computer Business Review on Monday, while a day later TechRadar led with “IoT security must be tightened – or we’ll all face a world of hurt.” Speaking to this publication earlier this month Doug Zuckerman, conference chair of the IEEE Technology Time Machine event, discussed security threats on the IoT and emerging technologies.

“We just need to work on it,” he said. “I don’t think we’ll ever have anything that’s perfect, I think hackers will always be able to find a way in, but we have to do the best we can.”

You can find out more about the CSA report here. in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.

The show is co-located with the AI & Big Data Expo, Cyber Security & Cloud Expo and Blockchain Expo so you can explore the entire ecosystem in one place.

Related Stories

Leave a comment


This will only be used to quickly provide signup information and will not allow us to post to your account or appear on your timeline.