Device security requirements
Before selecting an IoT security framework, it is important to step back and look at the requirements at both device and system levels. Security requirements for IoT devices must take into consideration the cost of a security failure (economic, environmental, social, etc.), the likelihood of attack, possible attack vectors, and the cost of implementing a security solution.
Security capabilities needing consideration are:
- Secure boot;
- Secure firmware updates;
- Secure communication;
- Data at-rest protection;
- Embedded firewall and intrusion detection;
- Key and certificate management;
- Integration with security management systems;
- Security policy management;
- Security event reporting.
A security framework, such as the Floodgate Security Framework, provides an integrated suite of security building blocks (Fig. 2).