The number of Internet of Things (IoT) end-user devices and IoT edge nodes such as home appliances, personal wearables, industrial robots, and even connected drones is quickly increasing. Global technology intelligence firm ABI Research forecasts that by 2026, the installed base of connected devices will reach more than 70 billion installations, creating an expansive IoT attack vector in the IoT environment. Most of these devices are low-power, storage limited, and with weak computational power, which means these devices are increasingly connecting to the cloud environment for centralized storage, data analytics, real-time monitoring, remote access, and updates in firmware and software. Connecting to the cloud environment creates yet another compromise vector for these devices. An effective IoT device-to-cloud security strategy should target security in three vital areas: device, network, and cloud.
"Device security often means securing the chipset and the data stored inside the device from being breached. Network security securely transfers data between the IoT device and the cloud. Cloud security allows the data to avoid intrusion while sitting in the cloud," says Michael Amiri, Senior Industrial and IoT Cybersecurity Analyst at ABI Research. Vendors such as Palo Alto Networks offer visibility into the cloud environment. Its Prisma Cloud solution provides cloud threat visibility, while its Networks Enterprise IoT security focuses on zero-trust frameworks to address IoT device vulnerabilities. Ayla Networks is an IoT platform provider offering end-to-end software and cloud-based services. Its IoT platform is another cybersecurity offering that addresses device and cloud security by maintaining the integrity of cloud connectivity, providing data analytics, and allowing device manufacturers to connect their IoT portfolios more securely to cloud networks.
In addition to embedded security in device design and cloud provider security offerings, end-users need to ensure the implementation of robust authentication practices, especially given the nature of remote access and remote work regarding the IoT environment. In such an environment, Amiri explains, "Security vendors need to include cloud security solutions at the forefront of their marketing strategies. Emphasizing cloud solutions is fundamental in a market where IoT devices increasingly rely on the cloud for storage, data handling, computation, remote management, and updates." Digicert provides IoT threat detection, offering secure keys through on-premises or cloud-based Hardware Security Modules (HSMs) and generates comprehensive Software Bill of Materials (SBOM) to access visibility into software deployed in the IoT environment. Infineon's CIRREN Cloud ID chip-to-cloud-security solution extends trust from IoT device chips to the cloud, offering public key certificates via the CIRRENT console.
IoT security technology is already experiencing a surge in demand, which will probably accelerate if new regulations for IoT and cloud connections are passed. A case in point is a recent Software Bill of Materials (SBOMs) mandate for medical device manufacturers in the U.S. ABI Research spoke to SBOM service providers, and they unanimously believe regulation has been a significant driver for their services.