Enterprise IoT Security Architecture and Policy Whitepaper Announced

The hub-based approach provides a user-friendly centralised management solution

Release Date: 15^th November, 2018

The IoT Security Foundation (IoTSF) announces today a new whitepaper that outlines the benefits that accrue by taking a hub-based approach to connecting IoT devices and systems in the enterprise. Entitled: IoT Security Architecture and Policy for the Enterprise – a Hub Based Approach the whitepaper proposes a hub-centric architecture approach that will accommodate contemporary and future possibilities.

“The hub is central to the reference architecture, aggregating information and communicating directly with other devices and network elements in the IoT environment,” says Richard Marshall, Plenary Chair IoTSF. “It can be visualised at the Edge of the network, providing a secure gateway for communication between networks.”

The hub architecture provides an extra layer of defence for the wider enterprise network and for those devices that may have minimal or no built-in security features. By aggregating information at a single point, all devices or groups of devices and other hubs, such as gateways deployed within the local IoT network, are managed centrally. This approach provides a robust and secure architecture beyond other options such a ‘tree’ or ‘hub-and-spoke’.

“It is important that enterprises are proactive in the way they build and manage their networks as IoT deployments increase. Good design anticipates the evolution of systems over time and extend beyond immediate requirements. Enterprises should therefore identify the primary IoT and security management needs for their organisation in advance of standard solutions becoming available” continues Marshall.

By taking a layered approach to the security challenge and life cycle management tools in the enterprise IoT deployment, the hub architecture supports key principles of security assurance and good practice. These include network management, connecting devices securely, software maintenance and provision for end-of-life. As a result, it may also support a number of specific compliance requirements. For example, it may help mitigate risk associated with cyber security and data protection regulations, such as the recent European General Data Protection Regulation (GDPR) or support adoptions of the US Cybersecurity Information Sharing Act (CISA).

John Moor, Managing Director IoTSF adds “This approach to enterprise IoT security is part of a series of hub-based architectures we are publishing that have been applied to a number of IoT contexts. Each illustrates the benefits which may accrue in the specific environment and all are considered to be a good approach to achieving common security goals of confidentiality, integrity and availability”.

To download the whitepaper, please visit the IoTSF website at: https://iotsecurityfoundation.org/best-practice-guidelines