IoT and Security: Protecting Data in the Internet of Things

Published On: 18th June 2020//3.5 min read//Tags: , , , , , //

The internet of things (IoT) – the interconnection of everyday devices via networks that facilitate interactions, including the exchange of data – is an ever-present force in the contemporary world. Whether in our personal or professional lives, we seem to always be “connected” to IoT endpoints.

The growth of these types of network capacities comes with huge potentials, as well as new threats. The IoT has brought everything from shopping to new communications technologies to our fingertips. It has also proliferated networking in innovative ways. For example, using the IoT, smart cities have moved towards automating parts of city infrastructures. But the IoT also faces significant security risks, as these devices and networks have become subject to cyber attacks.

To give just three examples: beginning in 2016, the Mirai botnet attacked individual IoT devices and took down portions of the internet; in 2017, a cyber attack on Dallas’ emergency alarm system set the alarm system off; and in 2018, a ransomware attack shut down many of the city of Atlanta’s online payment systems. All of these cases show that proper consideration must be given to IoT and security, as well as the need for adequate cyber security measures to protect IoT enabled devices and networks.

To further illustrate the point, let’s take a hypothetical company, AKA Lighting Inc., which is responsible for the installation, maintenance, and updating of numerous lighting deployments across a large port city in the US. The lighting systems that AKA deploys are intelligent systems that regulate lighting and traffic signals throughout the city. To create this system and maintain proper management of it, each light communicates with an edge gateway that ties into the city’s IT systems. These IT systems are responsible for monitoring the health of the lighting grid as well as passing software updates to the endpoints. The problem is that each edge gateway and endpoint sends information and receives updates that are vulnerable to cyber attacks. Anything that is online is connected and potentially subject to penetration.

The first step to approaching IoT and security is encrypting data at rest and in transit. But managing hundreds to thousands of encryption keys is a complex and challenging task. This is precisely where StorMagic SvKMS comes into play.

After encrypting all of their data, AKA can use SvKMS to store, manage, and provision encryption keys across their lighting management ecosystem. For starters, this meets regulatory compliance, which mandates the separation of encryption and key management roles. Additionally, SvKMS would provide a dynamic, automated encryption key management service.

Manual key management opens up a myriad of potential issues, including the time and effort required to undertake the key management process. SvKMS can automate key management with a robust, modern, and secure REST API. With this system, the potential for human error is taken out of the equation and the possibility of corruption by internal malicious users is minimized.

At the same time, SvKMS would allow AKA to easily and quickly scale as the number of devices on their network grows. AKA would benefit from the low footprint of SvKMS, and its IoT devices could be embedded at a lower cost, while still maintaining high performance.

Likewise, AKA’s different technological environments could be brought under a single, encryption key management solution, as SvKMS would allow them to centrally store, manage, and consolidate key management functions across multiple platforms and be embedded in different hardware platforms, including AKA’s IoT devices and edge gateways.

Finally, SvKMS would provide AKA with powerful logging and auditing capabilities, and act as a real time defense against malicious attacks. First, it provides full key management data, which can then be audited to update the key management process as necessitated by AKA’s own needs or in accordance with any regulatory changes. AKA would also be able to set alerts to notify their administrators of suspicious activity, which would then allow them to shut down workflows in the event of an attack or unauthorized access.

Ultimately, StorMagic offers a flexible and robust key management solution for cases concerning IoT and security. For more information on how SvKMS can fit your IoT key encryption needs, contact us or book a demo.

Share This Post, Choose Your Platform!

Recent Blog Posts