A Method to the Madness: How to Think About Security, Privacy for IoT (Independent Security Evaluators Blog)


As we enter a new year — a year in which IoT is expected to continue it explosive adoption trend — it is important to continue to be mindful of the basic tenets of how to build and deploy connected devices in ways that deliver robust considerations of both security and privacy. It is also important to keep in mind that these are distinct concepts, even though they are often conflated: Privacy is the decision about who can or cannot access data, while security is the integrity of decisions about access being carried out effectively.

Here are some practical and implementable actions that both manufacturers and purchasers of connected devices can follow in an effort to deploy resilient systems. It is imperative however to keep in mind that the security architecture around your device will be very much dependent on your use-case, and those unique aspects should heavily influence all decision making you do around both security and privacy.