Placed on – 6 October 2022

IoT security: make sure your system has state-of-the-art defenses 

Keeping an IoT system secure is an ongoing task.

Internet of Things (IoT) security is not a one-off, but a set of active, regular, and ongoing actions and strategies that make a system constantly secure and protected. In that sense, understanding how your IoT solutions provider handles and approaches security is key to your peace of mind and the future of your system.  

At EVALAN, we prioritize security and thus implement a security-by-design strategy. This means that we integrate multiple security policies at once, as we view security in a holistic way. Our approach requires the incorporation of security from the initial stages, across the entire system and throughout its lifecycle.

“The security of IoT deployments depends on the protection of all its components.” 

Layers, layers and layers. 

To secure all the components that make up an IoT system, multiple layers of security need to be added to each one of them. For us, this means building the IoT system from the ground up and avoiding bad practices such as bolt-on engineering, which builds on top of partially existing systems by adding software components to them.

Building with security in mind includes creating reliable and state-of-the-art defenses for: 

  1. Installed hardware.  
  2. The cloud environment. 
  3. And the way data is accessed.  

Security by design 

Our IoT devices have a secure element installed which provides them with individual encryption so that secure bi-directional communication can be established between the device and the cloud.  

The connection between our IoT devices and our cloud is based on identity certificates, which means that each device will only communicate with the cloud that it “knows and trusts”, and the cloud will only talk to a device once its identity has been verified and consent has been given. Furthermore, connections follow standards and best practices such as enforcing the latest protocols and encryption algorithms. To that effect, all communication is encrypted in our system.

“In essence, our design creates an immutable root of trust.”  

Secure updates 

The faster you can react, the more secure an IoT system is. In that sense, we run continuous testing and keep up to date with the latest security recommendations about cryptographic algorithms. In addition, with over-the-air (OTA) updating we can quickly replace any device’s firmware, add extra protection or switch it to a newer and more secure encryption algorithm.

As such, if (during our active monitoring of devices) we were to encounter a scenario where a device is compromised, we would be able to shut it down by invalidating its certificate, which would prevent it from ever communicating with the cloud again. This means that one compromised device will not compromise others.

“OTA updating enables future-ready IoT solutions.” 

Secure data access 

By design, access to data is separated by several layers. Access to any data goes through accounts, which control which objects a given user can access. On top of that, we have implemented role-based access control (RBAC) policies that allow fine-grained access control based on specific functionality, specific users, and specific roles. This means that users will only be granted the set of permissions and functionalities that they need for their projects, thus limiting the attack surface should an account be compromised.
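The two layers described above (account scoping of objects, then role-based permissions) can be sketched as follows. This is an added example, not EVALAN's code; the role names, permissions, account names and object ids are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy: role names and permissions are hypothetical.
ROLE_PERMISSIONS = {
    "viewer":   {"read_telemetry"},
    "operator": {"read_telemetry", "send_command"},
    "admin":    {"read_telemetry", "send_command", "update_firmware"},
}

# Layer 1: each account is scoped to a fixed set of objects (constructed ids).
ACCOUNT_OBJECTS = {
    "acme-water":  {"pump-01", "pump-02"},
    "acme-energy": {"meter-17"},
}

@dataclass(frozen=True)
class User:
    name: str
    account: str
    roles: frozenset

def is_allowed(user, action, obj):
    """Deny by default: the object must belong to the user's account
    AND at least one of the user's roles must grant the action."""
    if obj not in ACCOUNT_OBJECTS.get(user.account, set()):
        return False
    return any(action in ROLE_PERMISSIONS.get(r, set()) for r in user.roles)

def blast_radius(user):
    """Every (object, action) pair exposed if this one login is compromised."""
    actions = {a for perms in ROLE_PERMISSIONS.values() for a in perms}
    objects = {o for objs in ACCOUNT_OBJECTS.values() for o in objs}
    return {(o, a) for o in objects for a in actions if is_allowed(user, a, o)}

# Constructed users for the demonstration.
alice = User("alice", "acme-water", frozenset({"viewer"}))
bob = User("bob", "acme-water", frozenset({"operator"}))

if __name__ == "__main__":
    for u in (alice, bob):
        print(u.name, sorted(blast_radius(u)))
```

Reviewing the output of `blast_radius` per user is a quick way to audit whether a role grants more than a project needs.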

Moreover, on the topic of data, our systems always consider the sensitivity of data (including double consent requirements for data about location, for example) and do not store or send personal information. The latter makes all our systems compliant with the General Data Protection Regulation (GDPR).

“EVALAN is the IoT partner that keeps dependencies up to date, follows best practices and encrypts everything possible.” 

For more information 

Send us an email to info@evalan.com
