Internet of Things (IoT) connected devices is no longer a niche market. They’ve become an everyday part of modern life, both in personal and professional contexts. In fact, Gartner estimates that close to 20bn IoT-connected devices will be online by the year 2020.
Breaches and guidelines
One problem with such devices is the alarming number of major breaches we’ve seen over the past few years. One way of combating this would be for organizations to implement a set of guidelines to ensure secure deployment and development of IoT devices. At the center of these standards should be solutions that emphasize identity, in order to boost IoT security by managing the relationships between such devices, the entities that are in control of them, and the data that is being both sent and received.
OWASP vital for 2018
The OWASP Foundation, an international non-profit organization focused on security, can help to create such guidelines and drive criteria for organizations to follow. That’s what makes the project such a necessary tool for 2018 and beyond. In fact, OWASP has started a new project to help with this exact goal. The OWASP Internet of Things Project was developed to assist consumers, developers, and manufacturers to gain a better understanding of security issues related to the Internet of Things, and to provide users with an opportunity to make more informed security decisions, with regards to assessing, or deploying IoT technologies.
OWASP’s top 10 lists
With an emphasis on enhancing web security, OWASP published its inaugural Top 10 list of app security risks in 2003. The list is updated frequently and re-released every few years. It has been deployed in numerous organizations as a tool to aid security awareness to mitigate the richest vulnerabilities, as well as during code reviews by security professionals. OWASP’s 2017 Top 10 is an updated version of the 2013 Top 10. It takes into account security issues that came about from the rapid, widespread take-up of emerging technologies, such as APIs, containers, and the cloud. It also factors in development of attack vectors and automated software development processes.
OWASP security concepts have seen worldwide adoption. OWASP has over 65 organizational supporters, more than 46,000 participants, and numerous academic followers. The approach by the voluntary project has proven to be a successful model for improved web app security since 2001. After this success, Craig Smith and Daniel Miessler became project leaders in the OWASP IoT Security Project.
A holistic approach
A key stance Smith and Messier take is that IoT security isn’t about the thing, but rather a holistic security approach with each element needed to be taken on board, from the network interfaces to the mobile app to the cloud to the IoT device. This approach further includes physical security, USB ports, use of authentication and encryption, and the software.
In 2001, OWASP was simply a concept. Since then, however, it has evolved into a methodology and standard to ensure that security for web pages is integrated into webpage code and design. The OWASP IoT Security Project remains in its infancy, but is progressing with superb references and ideas for security professionals concerned over IoT confidentiality, integrity, and availability. Chech this best app reviews at Spyzie app reviews.