Solution -> Security and privacy by Design
Instead of only relying on a reactive approach like patching security leaks when they have been exploited and the solution might be already deployed in the field (Security by “pain”), security should be considered as an integral part of the solution from the very start of the project.

These pages present a proactive approach to security:
Security by Design

Navigate through the following sections to find out more.

The reason for the subordinate role of security in many IoT solutions are diverse:

o    Hardware resource constraints 
o    Budget / development resources limitations
o    Fast time to market

Another major problem is that from a user perspective security is not directly a functional or noticeable feature of the solution. Lacks of security however become visible when security loopholes are exploited. Nicely working security is ideally invisible to the user.

Further challenges are the diversity of involved product categories, largescale production, many players in market and the lack of binding standards & regulation for IoT security.

o      IoT solutions developers & vendors
o      End users / customers
o      Hackers

Insecure IoT solutions obviously affect their end users. Illegal access to private data being only one example. Yet the damage is not limited to end users. Also other stakeholders associated with the IoT solution are affected. 

Among loss of data, also other assets can get compromised. Further trust and reputation of the IoT solution operator and device manufacturer can suffer from security exploits. 

What can be observed frequently is Exploit -> Security patch -> next exploit -> next patch, which we call “Security by pain”.

Just because IoT systems contain small and more resource constrained devices then typical IT systems, this does not mean they will be spared from hacks. Targeting the weakest link in the chain, small IoT devices can even act as a entrance point for illegal access to other parts of the system. 

It is key to understand the importance of security also in these heterogenous IT systems and the benefits of considering security already in the early design phases of a project. Designing the system architecture for example already in the initial process with security in mind might add some difficulty to the process. Yet having to apply late changes to the architecture when parts of the solution are already implemented or even deployed, is usually much more complex and costly.

Exploits happen on a day to day basis.

Some prominent examples of hacks are:

o    Jeep Hack 

o    Phillips Hue Hack
o    The recent Smart doorbell & camera system RING hack

o    Spectre & Meltdown

o    Heartbleed in SSL

o    Mirai hack

o    Cryptojacking at Tesla

IoT components (HW&SW), 

User data,

security & privacy.