The internet of things universe lacks standards, with devices running mostly on proprietary operating systems and codebases, making the potential surface area of attack a lot larger, says Thilak Ramanna, head of APAC field engineering operations at Wind River, a unit of Intel.
The development of standards for IoT devices would help ensure that the right amount of security is baked into both hardware and software, Ramanna contends.
A "bottom-up" approach to IoT security is essential, starting with the hardware as the "root of trust" and then addressing the operating systems and applications, Ramanna says in an interview with Information Security Media Group.
"Security cannot be an afterthought," he stresses. "You cannot build your systems and your network topology and then start thinking about security. Security has to be designed in right from the beginning."
Re-Engineering Controls
Any security strategy in the IoT space needs to be relevant to all form factors of devices and have the ability to scale, he says. "Whatever controls and measures have evolved in the IT space over the last 25 years, we need to take those and re-engineer them to the complexities of the device side of the world," he says. "This is going to be one of the bigger challenges, especially since there is no standardization available on the IoT side of the world and the device market is too fragmented."
In this exclusive interview (see audio player below image), Ramanna also discusses:
The challenges involved in securing IoT; The multiple aspects of IoT security; What departments in an organization are best equipped to handle IoT security.Ramanna, who heads field engineering operations for the APAC region at Wind River, an Intel company, has more than 15 years of experience in design, engineering, project management, product management, sales and marketing. He's a frequent speaker on IoT at industry events, and holds a master's degree in software systems from BITS, Pilani.