
Here are Microsoft's recommendations for managing IoT security


MMT


Microsoft has noted that companies have multiple security concerns when managing the security of IoT solutions, such as data privacy, network security, encryption protocols, software and firmware updating, credentials, and secure provisioning, among many other things. The Redmond firm notes that IoT security breaches can have a negative impact on operations, revenue, customers, as well as compliance and regulation.

As such, Microsoft has emphasized four steps to manage IoT security within your organization. These are as follows:

  1. Understand how to secure your environment
  2. Identify and mitigate potential security issues within your design
  3. Maintain a security maturity model (SMM)
  4. Follow Microsoft's Zero Trust security principles

It has also identified seven focus areas for secure IoT devices. These involve a hardware-based root of trust, a small trusted computing base, defense in depth, compartmentalization, certificate-based authentication, renewable security, and failure reporting. You can find more details about each of these domains in Microsoft's documentation here.

Microsoft notes that threat modeling should be at the core of an IoT security solution's design. For this purpose, organizations can leverage Microsoft's Threat Modeling Tool, available here.

Similarly, in order to build a Zero Trust solution, Microsoft has encouraged organizations to focus on these principles:

  1. Strong identity
  2. Least-privileged access
  3. Device health
  4. Continuous updates
  5. Security monitoring and response

Naturally, all of these principles and other areas talked about are dedicated subjects within themselves, so make sure to check out Microsoft's blog post which contains links to more detailed documentation for these topics.

 


Agreed and it makes sense. One of the things I did recently for IoT devices and individual users is to put them in their respective VLANs.

