The Internet of Things is a concept involving many different areas of technology. At its core, IoT refers to connecting traditional devices and machinery to the global Internet. This practice is not new, in the sense that device manufacturers have been bringing their systems online since the beginnings of the Internet.
What makes this phase unique is that the microcontrollers and chipsets capable of network communication have never been smaller, cheaper, or easier to integrate. This transformation in embedded systems has drastically altered the market, making it much easier and less cost-prohibitive to connect more devices, including those with incredible complexity.
In addition, this practice, alongside reliable wireless network infrastructure, has created entirely new categories of IoT devices that were not previously feasible, such as smart locks, home appliances, wearables, and connected vehicles.
As with all technology, new use cases and features bring new security considerations. It is important that these systems, whether new or legacy, be considered from the perspective of a new connected attack surface, one to which any actor on the Internet may be a threat. Security researchers within the IoT space have already begun identifying anti-patterns in IoT security architecture and development, reminiscent of forgotten security lessons from previous decades.
In this Refcard, we aim to define which systems fall within the broader category of IoT. We further aim to define a risk profile for organizations looking to create security policies around a connected device architecture.