IoT Security Considerations and Now Micro IoT Player
IoT security has become a discussion point in many organizations after recent reports of compromised IoT devices crippling critical pieces of internet infrastructure via Distributed Denial of Service (DDOS) attacks. Recent digital compromises of high profile companies, organizations combined with these DDOS attacks has raised the visibility of IoT/Embedded device security and placed critical questions near the top of any organizations device selection criteria.
In the future, these will be key points when selecting IoT products:
- Does the device get security updates in the field?
- How long will the device receive security updates?
- Does the device have hardcoded/hidden device management credentials?
- How deeply can the device be managed to mitigate potential future issues?
We have gone above and beyond addressing these questions in our Now Micro IoT Player solution:
- Windows 10 IoT Core Pro uses trusted and maintained Windows Update infrastructure
- Windows 10 IoT Core Pro is supported with 10 years of security patching
- Now Micro IoT Player does not have hardcoded device management credentials
- The device can be fully managed with a variety of open management solutions
The basis of a secure IoT device is the operating system/firmware choice. For the Now Micro IoT Player, we have chosen to use Windows 10 IoT Core Pro, which is a low-cost, low-overhead operating system. We introduced this OS in a previous blog post. Above the choice of an operating system, it is important to consider total stack security when developing the scripts, agents and apps that are necessary to deliver a complete solution.
IoT devices will be judged by these criteria and more in the future as device count grows and security becomes a more prominent issue. Understanding what questions may be asked is important to having a secure, supportable solution.