Guidance based on selected experiences at Bosch
At Bosch, we believe that the correct handling of security and privacy is the key to unlocking the full potential of the Internet of Things.
Recent examples of IoT-related security breaches support this view. They show us that the immense promise of “connected everything” is counterbalanced by the equally immense challenge of securing billions of devices that are not always designed or set up to function securely when connected to the internet.
"IoT devices being increasingly used for DDoS attacks"
Such examples further underscore the importance of trust as the key enabler for society to accept the innovations that arise out of the IoT. Without trust in the security, reliability, and safety of cyber-physical systems, broad adoption of connected products will not be achieved, and the tremendous associated market opportunities will also not materialize as expected.
What is the focus of this white paper?
In this white paper, we offer guidance based on selected experiences that we have collected at Bosch while delivering solutions and supporting infrastructure for connected products. We cover two broad areas of activity that comprise essential functions in dealing with the challenges of IoT security: implementing an IoT-aware secure solution lifecycle process, and deploying specific technology mechanisms suited to meet the security and privacy challenges of IoT devices, infrastructures, and solutions.
In addressing these topics, we will also highlight two important themes that distinguish IoT-related security management:
1. Why it is essential to consider the full technology stack from back-end solution components through middleware and network infrastructure and all the way out to edge networks, gateways, and devices.
2. Why full solution lifecycle thinking should be applied, from conception and design through test and validation to operation and end-of-life decommissioning.
These themes arise from the fact that IoT systems commonly extend beyond the traditional boundaries of enterprise IT, i.e., outside the limits of protected data centers and private networks that fall within enterprise IT’s direct control. Such systems also typically contain service components that require ongoing operation and bring added complexity to the challenge of managing security throughout the solution lifecycle. With these shifts, the traditional focus on establishing a strong security perimeter in the enterprise, while still necessary, is not sufficient to address the security challenges of IoT.