As organizations look for the best methods of designing, architecting, and deploying IoT systems, they must consider practical questions:
What value does a given standard bring to IoT deployment? Are there any demonstrable examples of deployments?
What are the risks of not using a specific standard—or any standard at all? Do the potential business gains in the short term perhaps outweigh future challenges?
What are the risks if a chosen standard fails? (A practical option we highlighted earlier was to monitor which industry vendors are backing which standards and make an educated choice.)
Is there a way to influence a standard? If so, what process or cost is involved? (This can help you understand whether a standard is being driven to truly achieve openness and interoperability, or whether it is being driven for the benefit of one or more participants.)
When looking at standards, whether they focus on IoT, address IoT security in particular, or act as a technology enabler for IoT, remember to consider the security aspects for an IoT deployment. At a minimum, a successful security standard provides the following:
Scalability and ease of deployment and management. Technologies such as NFV and SDN allow for large-scale automation. This must include policy management, upgrades, and the capability to deploy new devices or use cases without impacting existing ones.
Protection for devices, no matter where they are deployed in the full IoT stack, from edge to cloud/DC.
Visibility and monitoring capabilities, in an automated way, to ensure that the system and, ultimately, you are aware of attacks.
Protection of the end-to-end data pipeline, from initial creation to ultimate consumption.
Autonomy. IoT often means a devolved and distributed architecture. Devices and lower parts of a system architecture must continue to effectively monitor and enforce security policies and requirements, even if visibility to the system head end is lost.
As the industry moves forward, efforts to evolve and improve standards will consolidate. This is required if we are to deliver technology changes and enable more advanced use cases, applications, and value propositions. The current landscape might be fragmented and complex, but history has shown that we do need standards to minimize complexity in deploying systems and minimize the security attack surface. Standards can help us gain better visibility of security incidents and leverage consistent, best-practice tools to defend, detect, remediate, and report on our IoT deployments.