Internet of Things (IoT) security is not a one-off, but a set of active, regular, and ongoing actions and strategies that make a system constantly secure and protected. In that sense, understanding how your IoT solutions provider handles and approaches security is key to your peace of mind and the future of your system.
At EVALAN, we prioritize security and thus implement a security-by-design strategy. This means that we integrate multiple security policies at once, as we view security in a holistic way. Our approach requires the incorporation of security from the initial stages, across the entire system and throughout its lifecycle.
“The security of IoT deployments depends on the protection of all its components.”
Layers, layers and layers.
To secure all the components that make up an IoT system, multiple layers of security need to be added to each one of them. For us, this means building the IoT system from the ground up and avoiding bad practices such as bolt-on engineering, which builds on top of partially existing systems by adding software components to them.
Building with security in mind includes creating reliable and state-of-the-art defenses for:
- Installed hardware.
- The cloud environment.
- And the way data is accessed.
Security by design
Our IoT devices have a secure element installed which provides them with individual encryption so that secure bi-directional communication can be established between the device and the cloud.
The connection between our IoT devices and our cloud is based on identity certificates, which means that a device will only communicate with the cloud that it “knows and trusts”, and the cloud will only talk to a device once its identity has been verified and consent has been given. Furthermore, connections follow standards and best practices such as enforcing the latest protocols and encryption algorithms. To that effect, all communication is encrypted in our system.
“In essence, our design creates an immutable root of trust.”
Secure updates
The faster you can react, the more secure an IoT system is. In that sense, we run continuous testing and keep up to date with the latest security recommendations about cryptographic algorithms. In addition, with over-the-air (OTA) updating we can quickly replace any device’s firmware, add extra protection, or switch it to a newer and more secure encryption algorithm.
As such, if (during our active monitoring of devices) we were to encounter a scenario where a device is compromised, we would be able to shut it down by invalidating its certificate, which would prevent it from ever communicating with the cloud again. This means that one compromised device will not compromise others.
“OTA updating enables future-ready IoT solutions.”
Secure data access
By design, access to data is separated by several layers. Access to any data is done through accounts, which control which objects a given user can access. On top of that, we have implemented role-based access control (RBAC) policies that allow us to fine-tune access based on specific functionality, specific users, and specific roles. This means that users will only be granted the set of permissions and functionalities that they need for their projects, thus limiting the attack surface should an account be compromised.
Moreover, on the topic of data, our systems always consider the sensitivity of data (including double consent requirements for data about location, for example), and do not store or send personal information. The latter makes all our systems compliant with the General Data Protection Regulation (GDPR).
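The layered access decision described above (account scoping first, then RBAC, then the double-consent rule for location data) can be sketched as follows. This is an added example, not EVALAN's code; the role names, action names, and the two consent parties are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# Constructed role table: role name -> permitted actions (hypothetical roles).
ROLE_PERMISSIONS = {
    "viewer": {"read_telemetry"},
    "operator": {"read_telemetry", "read_location", "send_command"},
}
# Actions that touch sensitive data and therefore need two recorded consents.
SENSITIVE_ACTIONS = {"read_location"}
# Assumed consent parties; the page only says that consent is "double".
REQUIRED_CONSENTS = {"device_owner", "data_subject"}


@dataclass
class User:
    name: str
    account: str
    roles: set = field(default_factory=set)


@dataclass
class Device:
    device_id: str
    account: str  # the account that owns this object
    consents: set = field(default_factory=set)


def authorize(user: User, device: Device, action: str) -> tuple[bool, str]:
    """Evaluate every layer in order; any failing layer denies (default deny)."""
    # Layer 1: account scoping decides which objects the user can reach at all.
    if user.account != device.account:
        return False, "object outside user's account"
    # Layer 2: RBAC, the union of permissions over the user's roles.
    # Unknown role names contribute nothing, so they can never grant access.
    allowed = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in user.roles))
    if action not in allowed:
        return False, "no role grants this action"
    # Layer 3: sensitive data is released only with both consents on record.
    if action in SENSITIVE_ACTIONS and not REQUIRED_CONSENTS <= device.consents:
        return False, "double consent not on record"
    return True, "allowed"
```

Because each layer can only deny, a compromised account with the "viewer" role stays confined to telemetry on its own account's devices, which is the attack-surface limit the text describes.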
“EVALAN is the IoT partner that keeps dependencies up to date, follows best practices and encrypts everything possible.”
For more information
Send us an email at info@evalan.com
Or book a meeting with us here.