by Mark Johnson
We’re pleased to announce that 10th Magnitude has partnered up with Microsoft and has joined the new Security Program for Azure IoT as an auditing partner. This fantastic program seeks to reduce risk in IoT deployments by connecting customers to partners who know the best practices and standards in securing IoT.
Microsoft has implemented extensive security measures that guard Azure and Windows 10 IoT Core, but IoT deployments present many unique risks: wireless protocols, limited physical security around devices, limited (if any) physical access to the device for the manufacturer and acceptable loss of connectivity to name a few. In the end, an IoT deployment is only going to be as secure as the code and the device that runs it.
To protect our clients from the potential risks associated with IoT, 10th Magnitude has developed an extensive Azure IoT Security Framework. Our security auditors use this framework, along with our tools and experience, to examine an IoT solution in a comprehensive way—from code to device to connectivity to cloud. As a trusted security auditor in the program, 10th Magnitude will analyze your solution holistically to find weaknesses and gaps in IoT deployments.
Our approach to an IoT security audit has three phases:
Evaluation (“Find the Gaps”)
End-to-end security in IoT requires thorough evaluation. Those evaluations include threat modeling, cloud assessments, application security reviews, encryption reviews, penetration testing, authentication and access control reviews, privacy reviews and much more.
Training (“Teach a Man to Fish”)
Evaluating the risks in an IoT solution only identifies the risks at that particular time. Training teams to build secure solutions will reduce risk now—and for any future development. Beyond building secure solutions, a team’s ability to respond to threats quickly and effectively will separate the men from the boys. That’s why training in remote monitoring, data analysis and remediation planning are immensely valuable in responding to threats.
Remediation (“Fill the Gaps”)
After finding the security gaps, it’s time to fill them. As part of our IoT security audits, 10th Magnitude provides tactical solutions to the identified risks, as well as best practices to avoid introducing similar risks in the future.
Ready to beef up security in your current IoT environment? Email us to see if you quality for an IoT Security Assessment with our team of specialists.
Looking to implement IoT in your organization? Download our latest infographic, “The ROI of IoT,” to learn more about our Azure IoT Proof of Concept.