Addressing Security Issues Posed by IoT Devices in Connected Buildings
As buildings begin to reopen and building projects resume, there is an increased emphasis on creating healthier and more productive working environments.
In many instances, new technologies coupled with various IoT devices will be used to implement new protocols, enhance on-premise safety and hygiene, and offer more connectivity options to remote and on-site workers. That puts an additional premium on managing the security of these connected devices and systems.
If there is a weakness or vulnerability in these devices, for example, it may break down communication in systems designed to make buildings safer and more efficient.
The cybersecurity threat landscape continues to evolve and requires the use of innovative security models and sophisticated prevention techniques to protect the devices in facilities and commercial office buildings. In the Internet of Things (IoT) industry alone, attacks against devices increased more than 200% in 2018 [1].
To adapt, all entities, stakeholders, suppliers and vendors need to redefine their cyber strategy, bringing security into the center of any project and ensuring that any products used in facilities include the highest possible security standards.
On the product development side, vendors have options and can choose from numerous IT security frameworks and standards. While these standards seek to provide guidance to various industry sectors regarding the prevention of data breaches, no framework yet comprehensively addresses the cybersecurity challenges for Internet of Things (IoT) architecture and connected systems.
Certainly, there are security models for individual IoT devices, but when these devices are integrated, there needs to be an end-to-end framework to specifically address and securely govern the entire IoT ecosystem.
A smart building, or any building with connected technologies, should be considered part of the IoT ecosystem. Other components of the IoT ecosystem may include smart devices, network protocols, controllers and gateways, remotes, sensors, and mobile and desktop applications. Some solutions collect data from the network and smart devices to build useful business analytics.
Recognizing the need for a comprehensive high-level security model for vendors in the IoT industry, Acuity Brands has developed a security framework (below) that provides guidelines for fully embedding security concepts into all aspects of IoT products, software and services.
Image: This framework is proprietary to Acuity Brands.
The framework considers potential security concerns and risks during the development lifecycle of all connected products, both alone and as they are deployed together in connected solutions.
These guidelines include:
- Utilizing a framework that supports the long-term security strategy for products
- Embedding security into the entire end-to-end architecture
- Proactively securing all connected and smart products during their development lifecycle
- Monitoring and managing risks after products are developed
Components of Acuity Brands’ Secure IoT Framework
Acuity Brands’ Secure IoT Framework was designed to provide guidance that is flexible and interactive yet structured. The modular framework embeds core security concepts throughout the Software Development Lifecycle (SDLC) process; examines and monitors the security of mobile apps, devices and gateways, up to and including interactions with cloud services; brings concepts of security visibility and enforcement; and incorporates all aspects of governance, including security policies, compliance and risk management.
Securing a digital future means that all vendors need to commit to the highest security standards and fully embed security concepts into their connected solutions including products, software and services. Therefore, the Secure IoT Framework helps all vendors and manufacturers of IoT products to advance the security and deployment of connected solutions together.
Learn more about this framework and Acuity Brands’ commitment to developing and maintaining secure products.
About the Author:
Jazib Frahim leads the product security and architecture team within Acuity Brands. He has been in the information and cyber security domain for over 20 years and has spent almost all of his professional life securing IT and IoT infrastructures.
Jazib has developed many cyber security solutions, frameworks and methodologies that focus on information protection and business agility. These solutions are designed to align with market trends, customer needs and growth targets. He has authored 6 books, has 6 (issued and pending) patents and has presented at various executive forums, CISO seminars and major industry events.
This article was written and sponsored by Acuity Brands.