A necessary integration from the first stages of the project deployment
Ensuring the security of connected objects (IoT) is a pressing need and must be integrated from the early stages of the project. To succeed in a secure deployment that respects regulations, the skills of an integrator must include mastery of infrastructure as well as that of compliance and cybersecurity.
In a previous article, we discussed the topic of IoT from the perspective of the skills needed to successfully deploy a data collection and analysis infrastructure. In this article, we discuss the issue of security of IoT objects and networks.
Without confidence in data and device security, businesses will be reluctant to embrace IoT. Users, for their part, are concerned about their privacy and the security of the data collected by IoT systems. Companies must therefore satisfy a double constraint of compliance and cybersecurity, two concepts that go hand in hand and must be integrated into the deployment process from the first stages.
The need for a secure and adaptive architecture
Taking security into account from the start results in a secure and adaptive architecture. It helps to reduce difficulties during the deployment phase.
Unfortunately, many companies pay only vague attention to the vulnerabilities that IoT presents and focus more on the cost savings and convenience it offers. Deploying secure, regulation-compliant systems is indeed a challenge, as it requires proven skills and expertise in networks and cybersecurity. This must be one of the parameters integrated from the ideation phase. Doing so means putting the necessary cybersecurity skills in place and having them work as a team with the infrastructure team.
Implementing multilevel security is a challenge
IoT means a multiplication of endpoints connected to the network and therefore a proportional increase in cyber risk. When deploying an IoT network, security must be integrated at all levels, because this ecosystem is a chain of information collection and processing with several possible entry points: the objects themselves, the network and the administration stations, for example.
“Cybersecurity and regulatory compliance, in this case GDPR, are the two imperatives that must be kept in mind at all times,” said Jonathan Khattir, technical director at Wixalia. “We incorporate security bricks into network access systems and a specific security policy applies to each object.”
Access is protected by an encrypted authentication process, and no object can connect to the network without being duly authenticated. These safeguards are necessary, and they are reinforced by a maintenance contract that includes regular updates to address the vulnerabilities that may appear over time.
Each object receives its security profile
Unfortunately, in the fiercely competitive IoT market, manufacturers often give security a lower priority than time to market.
“First and foremost, IoT players are hardware manufacturers,” says Christophe Le Reun, technical director at Wixalia. “Manufacturing costs, pulled down by fierce competition, do not allow them to develop sophisticated OS. Their updates mainly focus on fixing bugs, and possibly some security fixes. The problem is that these updates are not tracked over time; they usually stop after a year or two.”
To overcome this intrinsic security deficit, Wixalia has developed a solution to secure each object connected to the network. They all individually receive a specific security profile, with very strict rules. For example, a camera can only communicate with a specified video recorder. This precaution prevents any redirection of the video stream to another recorder.
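The per-object profile described above can be pictured as a default-deny allowlist keyed by device identity. The following is an added example, not Wixalia's implementation: the device names, profile format and sample flows are constructed, and port 554 (RTSP) is assumed as the camera's video service.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src: str             # identity the device authenticated as
    dst: str             # peer it tries to reach
    proto: str
    port: int
    authenticated: bool  # outcome of the network-access authentication step

# Hypothetical profiles: each object lists the only (peer, proto, port) it may use.
PROFILES = {
    "camera-01": {("nvr-01", "tcp", 554)},  # video stream to one recorder only
    "badge-reader-01": {("access-ctrl-01", "tcp", 8443)},
}

def evaluate(flow, profiles=PROFILES):
    """Return (verdict, reason); anything not explicitly allowed is denied."""
    if not flow.authenticated:
        return ("deny", "unauthenticated device")
    allowed = profiles.get(flow.src)
    if allowed is None:
        return ("deny", "no profile for device")
    if (flow.dst, flow.proto, flow.port) in allowed:
        return ("allow", "matches profile")
    # Same service but a different peer: the stream is going somewhere else.
    if any((proto, port) == (flow.proto, flow.port) for _, proto, port in allowed):
        return ("deny", "redirected to unapproved peer")
    return ("deny", "service not in profile")

def audit(flows, profiles=PROFILES):
    """Return (src, dst, reason) for every denied flow, for alerting or review."""
    denied = []
    for f in flows:
        verdict, reason = evaluate(f, profiles)
        if verdict == "deny":
            denied.append((f.src, f.dst, reason))
    return denied

# Constructed sample flows (not real traffic).
SAMPLE_FLOWS = [
    Flow("camera-01", "nvr-01", "tcp", 554, True),
    Flow("camera-01", "nvr-02", "tcp", 554, True),
    Flow("camera-01", "203.0.113.9", "tcp", 22, True),
    Flow("sensor-07", "nvr-01", "tcp", 554, True),
    Flow("badge-reader-01", "access-ctrl-01", "tcp", 8443, False),
]

if __name__ == "__main__":
    for row in audit(SAMPLE_FLOWS):
        print(row)
```

Only the first sample flow is allowed; the second is the redirection case from the text, where the camera's stream is sent to a recorder other than the one named in its profile.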
A single point of contact for customers
As in any IoT deployment project, the multiplication of contacts and stakeholders can hold back the success of the project. “We are part of an ecosystem in which we pool our skills,” explains Jonathan Khattir. “Wixalia is particularly specialized in network infrastructures, and we integrate the compliance and cybersecurity expertise of Cinalia, the strategic consulting, cybersecurity and software engineering division of Synelience Group, into our IoT deployments.”
Cinalia has developed its expertise in cybersecurity technologies and processes in the highly demanding healthcare market. “We offer a one-stop-shop for our clients in order to avoid the dispersion of information and the complexity inherent in the multiplication of contacts,” concludes Jonathan Khattir.