IoTSF publishes IoT security architecture white paper

The IoT Security Foundation (IoTSF) has announced a white paper that outlines the benefits that accrue by taking a hub-based approach to connecting IoT devices and systems in the enterprise. Entitled ‘IoT Security Architecture and Policy for the Enterprise - a Hub Based Approach’, the white paper proposes a hub-centric architecture approach that will accommodate contemporary and future possibilities.

“The hub is central to the reference architecture, aggregating information and communicating directly with other devices and network elements in the IoT environment,” said Richard Marshall, Plenary Chair IoTSF. “It can be visualised at the edge of the network, providing a secure gateway for communication between networks.”

The hub architecture provides an extra layer of defence for the wider enterprise network and for those devices that may have minimal or no built-in security features. By aggregating information at a single point, all devices or groups of devices and other hubs, such as gateways deployed within the local IoT network, are managed centrally. This approach provides a robust and secure architecture beyond other options such a ‘tree’ or ‘hub-and-spoke’.

“It is important that enterprises are proactive in the way they build and manage their networks as IoT deployments increase. Good design anticipates the evolution of systems over time and extends beyond immediate requirements. Enterprises should therefore identify the primary IoT and security management needs for their organisation in advance of standard solutions becoming available,” Marshall continued.

By taking a layered approach to the security challenge and lifecycle management tools in the enterprise IoT deployment, the hub architecture supports key principles of security assurance and good practice. These include network management, connecting devices securely, software maintenance and provision for end-of-life. As a result, it may also support a number of specific compliance requirements. For example, it may help mitigate risk associated with cybersecurity and data protection regulations, such as the recent European General Data Protection Regulation (GDPR).

John Moor, Managing Director IoTSF, added: “This approach to enterprise IoT security is part of a series of hub-based architectures we are publishing that have been applied to a number of IoT contexts. Each illustrates the benefits that may accrue in the specific environment and all are considered to be a good approach to achieving common security goals of confidentiality, integrity and availability.” To download the white paper, visit the IoTSF website at: https://www.iotsecurityfoundation.org/best-practice-guidelines.

Image: ©stock.adobe.com/au/Olivier Le Moal