Five Steps for Securing Customer Data in IoT

Are you aware of how significant the use of IoT has become in business success? Forward-thinking companies won’t be surprised by the results of a DigiCert survey that found 83% of organizations say IoT is important to businesses today. And of course, hand-in-hand with IoT is machine learning, which allows your company to extract the most useful data and use it to make better predictions and assumptions.

But with that ubiquity comes an important challenge—properly securing customer data for IoT devices. In fact, according to 80% of respondents, that is the #1 challenge.

If your company is harnessing the power of IoT and machine learning as a way to improve efficiency and customer service, you have probably worried about the inherent safety risks and what they could do to your reputation—and your bottom line. That’s an important consideration given that the same report found that 25 percent of respondents reported they had lost at least $34 million over the previous two years due to IoT security-related issues.

Here are five steps enterprises must take to secure customer data for IoT devices.

1. Authenticate each device.

Your facility likely has a system that badges employees and visitors in and out. Those access logs alert security personnel to people who shouldn’t be there or to patterns of behavior—such as whether items go missing right after a certain delivery person shows up. Similarly, companies must authenticate each device so they know what’s connected to the network and who’s logging in and for how long. This way you can spot vulnerable devices and figure out if there has been malicious intent so you can mitigate it and fix the problem.

2. Encrypt data.

The gold standard is “end-to-end encryption,” (E2EE). Data is encrypted as soon as it is captured and remains that way as it moves between systems so that only the sender and recipient can read or alter it.

3. Manage secure over-the-air updates.

One of the benefits of IoT devices is that they can be located in places that are difficult or dangerous to reach; for example, in sewer plants or oil and gas refineries. But the only way to update them remotely is by using a device management system, known as an “over-the-air” (OTA) update. If your company builds its own OTA firmware system, make sure security is a critical component; or you may decide it’s more efficient to purchase a platform. In that case, make sure that security is on  top on the list that you prioritize when considering vendors.

4. Utilize software-based key storage.

While securing devices with private keys can ensure privacy, it can be difficult in practice as it requires companies to add dedicated security chips to each device, which can be costly and impractical. Software to the rescue, as a more flexible and affordable way to manage and store private keys.

5. Implement scalable security.

It’s vital to remember that while each of your connected devices might be just one little “thing,” in aggregate, they become a lot. Then consider that each end node in your infrastructure gives hackers an entry point. If they find the same weakness in each of your devices, you are opening yourself to a full-scale attack. That’s why companies have to remember that the key to securing customer data for IoT devices is to focus on each device’s network connection, which offers access to the entire ecosystem.

"Encryption of data in transit, authentication of connections, ensuring the integrity of data -- these challenges are not new,” Mike Nelson, vice president of IoT security at DigiCert tells Security Now. “However, in the IoT ecosystem these challenges require new and unique ways of thinking… the biggest challenge is simply the scale and the magnitude of growth. Having scalable solutions is going to be critical."

That’s why companies that are focused on using IoT and machine learning to improve customer service need to focus on the #1 thing customers are most concerned about—the safety and integrity of their data.