With the Oct. 21 DDOS attack still fresh in memory, questions of Internet of Things (IoT) security are at an all-time high. The attack resulted from tens of millions of compromised IoT devices, so consumers as well as IoT companies are right to be concerned.
Microsoft is taking immediate action by introducing the Security Program for Azure IoT, which will allow Azure IoT users to evaluate their IoT infrastructure and manage their security risks. While Microsoft didn’t reference the DDOS attack in its blog post introducing the program, its timing makes it pretty clear that the company is doing its best to assuage the heightened security concerns.
The Security Program for Azure IoT
The new program will offer Azure customers a choice of several hand-picked security auditors to perform a ground-up evaluation of their IoT solutions. The initial security auditors are Casaba Security LLC, CyberX, Praetorian and Tech Mahindra, though Microsoft says the list will expand as the program grows.
Azure users will pick the security auditor of their choice, and the audit will cover every aspect of the user’s IoT solution. The Security Program will examine “everything from business devices and assets to gateways and even communication to the cloud.”
Microsoft will also be working with standards organizations such as the Industrial Internet Consortium (IIC) in an effort to establish industry protocols and best practices for security auditing. The IIC is well placed to help develop security auditing protocols, as it recently released a comprehensive document on IoT security issues called the Industrial Internet Security Framework.
There’s no word yet on when the Security Program for Azure IoT will be rolled out—only that “[s]elect Azure IoT customers will be the first to take advantage of this program.” Microsoft has promised updates over the coming months on the program, auditing partners and auditing standards, so hopefully Azure users can reap the benefits of the program sooner rather than later.
Of course, engineers using IoT platforms besides Azure should also take the time to evaluate their IoT security. You don’t need access to the Azure Security Program to obtain a comprehensive security audit; if this is a route your company is prepared to take, it may be worth looking into auditing options such as the ones listed above.
And for more IoT security tips, check out “IoT Security: How to Protect Connected Devices and the IoT Ecosystem.”