IoT and Security: Protecting Data in the Internet of Things
Understanding the Internet of Things: A Guide to IoT and Security
The internet of things (IoT) – the interconnection of everyday devices via networks that facilitate interactions, including the exchange of data – is an ever-present force in the contemporary world: whether in our personal or professional lives, we seem to always be “connected” to IoT endpoints. The growth of these types of network capacities comes with huge potentials and new threats. The IoT has brought everything from shopping to new communications technologies to your finger tips. It has also proliferated networking in innovative ways. For example, using the IoT, smart cities have moved towards automating parts of city infrastructures. But the IoT also faces significant security threats, as these devices and networks have become subject to cyber attacks. To give just three examples: beginning in 2016, the Mirai botnet attacked individual IoT devices and took down portions of the internet; in 2017, a cyber attack on Dallas’ emergency alarm system set the alarm system off; and in 2018, a ransomware attack shut down many of the city of Atlanta’s online payment systems. All of this shows that proper consideration must be given to IoT and security, as well as the need for adequate cyber security measures for your IoT enabled devices and networks.
To further illustrate the point, let’s take a hypothetical company, AKA Lighting Inc., which is responsible for the installation, maintenance and updating of numerous lighting deployments across a large port city in the US. The lighting systems that AKA deploys are intelligent systems that regulate lighting and traffic signals throughout the city. To create this system and maintain proper management of it, each light communicates with an edge gateway that ties into the city’s IT systems. These IT systems are responsible for monitoring the health of the lighting grid as well as passing software updates to the endpoints. The problem is that each edge gateway and endpoint sends information and receives updates that are vulnerable to cyber attacks – anything that is online is connected and possibly subject to penetration. The first step to approaching IoT and security is encrypting data at rest and in transit. But managing encryption keys is a complex and challenging task. This is precisely where KeyNexus’ Unified Key Manager (UKM) comes in to play.
After encrypting their data at rest and in transit, AKA can use KeyNexus’ UKM to store, manage and provision encryptions keys across their lighting management ecosystem. To begin with, this meets regulatory compliance, which mandates the separate of encryption and key management roles. But, more than this, our UKM would provide a dynamic, automated key management service. Manual key management opens up a myriad of potential issues, including the time required to undertake the key management process. Our UKM can automate key management with a robust, modern and secure REST API. With this system, the potential for human error is taken out of the equation and the possibility of internal malicious users is minimized. At the same time, our UKM would allow AKA to easily and quickly scale as the number of devices on their network grows: AKA would benefit from the low footprint of our UKM, and its IoT devices could be embedded at a lower cost, while still maintaining high performance. Likewise, AKA’s different technological environments could be brought under a single, unified key management solution, as our UKM would allow them to centrally store, manage, and consolidate key management functions across multiple platforms and be embedded in different hardware platforms, including AKA’s IoT devices and edge gateways. Finally, our UKM would provide AKA with powerful logging and auditing capabilities, and act as a real time defense against malicious attacks. First, it provides full key management data, which can then be audited to update the key management process as necessitated by AKA’s own needs or in accordance with any regulatory changes. AKA would also be able to set alerts to notify their administrators of suspicious activity, which would then allow them to shut down workflows in the event of an attack, making sure that only authorized users are able to access their system.
Ultimately, KeyNexus offers a scalable and dynamic key management solution for cases concerning IoT and security. For more information on how KeyNexus can fit your IoT key encryption needs, contact us or request a demo.