The Internet of Things is a concept involving many different areas of technology. At its core, IoT refers to connecting traditional devices and machinery to the global Internet. This practice is not new, in the sense that device manufacturers have been bringing their systems online since the beginnings of the Internet.

What makes this phase unique is that the micro-controllers and chipsets capable of network communication have never been smaller, cheaper, or easier to integrate. This transformation in embedded systems has drastically altered the market, making it much easier and less cost-prohibitive to connect even more devices, even those with incredible complexity.

In addition, this practice, alongside reliable wireless network infrastructure, has created entirely new categories of IoT devices that were not previously feasible, such as smart locks, home appliances, wearables, and connected vehicles.

As with all technology, new use cases and features bring new security considerations. It is important that these systems, whether new or legacy, be considered from the perspective of a new connected attack surface; one to which any actor on the Internet may be a threat. Security researchers within the IoT space have already begun identifying anti-patterns in IoT security architecture and development, reminiscent of forgotten security lessons from previous decades.

In this Refcard, we look to define the scope of what systems are encapsulated within the broader category of IoT. We further look to define a risk profile for organizations looking to create security policies around a connected device architecture.

The components of an IoT ecosystem can vary depending on the specific technologies in place, though many follow a specific pattern.

DEVICE

This is your physical machine that will be Internet-connected. Typically, this involves sensor inputs for reading external data and output channels for executing an action. Example devices can include items common in the home (thermostats, refrigerators, door locks), machinery used in factories and worksites (industrial control systems, forklifts), next-gen automotive vehicles (cars, scooters, truck fleets), and much more.

This is a preview of the IoT Security Refcard. To read the entire Refcard, please download the PDF from the link above.