Cloud Security Alliance outlines 13 steps to developing secure IoT products

James has a passion for how technologies influence business and has several Mobile World Congress events under his belt. James has interviewed a variety of leading figures in his career, from former Mafia boss Michael Franzese, to Steve Wozniak, and Jean Michel Jarre. James can be found tweeting at @James_T_Bourne.


The Cloud Security Alliance (CSA) has outlined a series of best practice guidelines to help IoT designers and developers understand various security measures.

Comprising a baker’s dozen of tips, the document ranges from protecting data, to implementing secure authentication, to secure key management. Naturally, these can be seen as fairly standard security tips, but the report notes that the guidance is not meant “as a substitute for understanding fundamental system security engineering methodologies and techniques, but instead aims to mitigate some of the more common issues that can be found with IoT device development.”

Evaluating programming languages is also noted in the report, giving security guidance on C, C#, C++, Erlang, Objective C, Go, Java, JavaScript, Parallel, Python and Rust among others. It’s worth noting as well that it is not just the IoT devices that need to be secured – the CSA notes that developers are usually also responsible for developing the smartphone applications that interact with the device, as well as the cloud service that collects information from it.

The full report lays out guidance on IoT device security challenges, a discussion on security options available for IoT development platforms, categorisation of IoT device types and a review of threats, as well as recommendations for secure device design and development processes.

“We hope to empower developers and organisations with the ability to create a security strategy that will help mitigate the most pressing threats to both consumer and business IoT products,” said Brian Russell, chair of the IoT working group and chief engineer of cyber security solutions with Leidos.

Naturally, the question of IoT security is one which continues to make headlines. “The next big cybersecurity issue has arrived,” argued Computer Business Review on Monday, while a day later TechRadar led with “IoT security must be tightened – or we’ll all face a world of hurt.” Speaking to this publication earlier this month Doug Zuckerman, conference chair of the IEEE Technology Time Machine event, discussed security threats on the IoT and emerging technologies.

“We just need to work on it,” he said. “I don’t think we’ll ever have anything that’s perfect, I think hackers will always be able to find a way in, but we have to do the best we can.”

You can find out more about the CSA report here. in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.

The show is co-located with the AI & Big Data Expo, Cyber Security & Cloud Expo and Blockchain Expo so you can explore the entire ecosystem in one place.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *