LAUNCH SECURE IOT SOLUTIONS WITH OUR IN-DEPTH EXPERTISE IN IOT SECURITY
With the convergence of the physical and computer worlds, IoT poses unique security, privacy and compliance challenges for your Connected Products and Smart Services business.
Your IoT solution must offer multilayer protection from the edge to the cloud, securing the device, the network and the cloud. This encompasses the secure provisioning of physical devices, secure connectivity and data transmission between them and the cloud, and secure data protection in the cloud during processing and storage.
Thinxtream possesses extensive expertise in diverse aspects of IoT security for your IoT solutions. We have built a comprehensive database of security best practices, checklists and test cases for design, coding, test, deployment and operation phases.
Do you have an IoT security strategy for your IoT solution?
Connect with us today to build a comprehensive IoT security strategy.
IOT SECURITY PRACTICES
Thinxtream follows robust security practices in designing your IoT solutions. These practices are constantly reviewed and upgraded as new security threats emerge.
- Provisioning IoT devices and IoT solutions with unique identities and credentials
- Using cryptographic credentials and hardware protected stores like TPM and HSM for storing credentials
- Implementing strong authentication and policies for access control
- Creating trust boundaries and enforcing access control on all access from outside those boundaries
- Identifying entry points which could lead to forging, spoofing and unauthorized escalation of privileges
- Using encrypted channels for communication from IoT device to IoT cloud
- Protecting confidentiality and integrity of short and long-range communication channels used for data, administration, and deployments
- Building a CI/CD pipeline for streamlining security updates to devices and systems
- Using version-controlled, digitally-signed and authenticated connections for deploying updates
- Carrying out continuous risk assessment and mitigation, and automating security auditing and monitoring mechanisms
- Monitoring device, network and backend servers for any unexpected behaviour
- Maintaining and exercising an incident response plan for problem containment and recovery
- Identifying key risks and mitigation plans for your system by preparing a threat model for the system
- Minimizing the attack surface of the system
- Removing unused interfaces, services, and devices to reduce the surface area, and regularly reviewing the surface for minimization
- Avoiding unnecessary data storage, access, and transmission
- Stopping collection of unused data and adjusting the retention period
- Transmitting data only to systems with strict security access controls
- Monitoring vulnerability disclosure and threat intelligence sources
- Staying tuned to vulnerability disclosures, attacks in public domain and assessing the risk to your system
How secure is your business, customer and device data?
Connect with us today to build a secure IoT solution.
IOT SECURITY EXPERTISE
Thinxtream follows secure SDLC principles in all IoT projects. We use tools, both free and licensed, to gauge the security of your IoT solution. Our engineering teams write scripts for various security tools, execute the workflows, generate reports, and analyse the results. Our operations teams configure network and computing infrastructure – Firewalls, HTTP Proxies, Virus protection, OS patches, etc. – for mitigating security issues.
- OWASP Top 10 IoT vulnerabilities, risks and the mitigation techniques
- Best practices from popular Secure Software Development Lifecycle processes – MS SDL (Microsoft Security Development Lifecycle), OWASP SAMM (Software Assurance Maturity Model), and NIST 800-64
- Microsoft Threat Analysis and Modelling Tool to identify and mitigate potential security issues early during software development
- Static code analysis tools such as Micro Focus® Fortify on Demand and VCG, for analysing code for standard vulnerabilities, and reporting threats and recommended fixes
- Runtime penetration testing tools such as OWASP's 'ZAP Attack', to identify different attack surfaces from the configuration as well as by crawling and launching attacks by calling hyperlinks and APIs with standard and random inputs
- Regular security bulletins are prepared and circulated with engineering to assess the risk of new vulnerabilities and attacks on solutions in development and operations
We leverage popular IoT cloud platforms such as Azure® IoT Hub and AWS® IoT to address these security challenges successfully with end-to-end, multi-layered protection.
AWS IoT Security
- Amazon Cognito®, a service for authentication and user management for web and mobile apps
- AWS Identity and Access Management (IAM) to manage access to AWS services and resources securely
- X.509 Certificate-based identity for devices
- Secure TLS based communication between device and cloud
- Amazon FreeRTOS®, AWS IoT Greengrass® OTA updates
- IoT jobs mechanism to securely update the rest of the firmware
- AWS IoT Device Defender® for continuously monitoring security compliance with best practices
- Amazon CloudWatch® and AWS CloudTrail® logs, a centralized log store for AWS services and your application along with audit records
- Amazon GuardDuty® to monitor malicious activity and unauthorized behavior
- AWS Config® to assess, audit, and evaluate the configurations of your AWS resources
- AWS security bulletins which notify customers of security and privacy events with AWS services
Azure IoT Hub Security
- Azure® Active Directory (AAD) for user authentication and authorization
- Azure IoT Hub identity registry for secure storage of device identities and security keys for a solution
- In-device X.509 certificate and private key as a means to authenticate the device to the IoT Hub
- TLS 1.2 based handshake and encryption of communication between the device and the cloud
- Azure Security Center to eliminate threats with easy-to-follow steps ranked by importance and configuration suggestions to help you improve your overall security posture
- Azure Sphere to get multiple layers of defense, continuous device monitoring, OTA update and the ability to return compromised devices to a safe state
- Azure Sentinel to provide intelligent security analytics for your entire enterprise
IOT SECURITY WHITE PAPER
Securing data pertaining to Connected Devices and Smart Services is critical to protect your business, customer and device information from cyber-attacks. Read our Security in IoT White Paper to understand how AWS IoT and Azure IoT Hub platforms address secure provisioning of connected devices, secure connectivity between the connected devices and the cloud, and secure data processing and storage in the cloud.
Also read our IoT and Blockchain White Paper to see how Blockchain distributed ledger technology and public platforms such as Ethereum™ can be used to store records of transactions between connected devices in a secure manner, curtail fraud and enable the customer to enter into genuine transactions.
Interested in discussing your IoT Security needs? Connect with us.