
Here are Microsoft's recommendations for managing IoT security

A few hours ago, we reported that Internet of Things (IoT) devices face a major cybersecurity risk and that almost a billion malicious attacks targeted IoT hardware in 2021. Now, Microsoft has published some guidance for organizations about how they can secure their IoT solutions.


Microsoft has noted that companies have multiple concerns when managing the security of IoT solutions, such as data privacy, network security, encryption protocols, software and firmware updating, credentials, and secure provisioning, among many other things. The Redmond firm notes that IoT security breaches can have a negative impact on operations, revenue, and customers, as well as compliance and regulation.

As such, Microsoft has emphasized four steps to manage IoT security within your organization. These are as follows:

  1. Understand how to secure your environment
  2. Identify and mitigate potential security issues within your design
  3. Maintain a security maturity model (SMM)
  4. Follow Microsoft's Zero Trust security principles

It has also identified seven focus areas for secure IoT devices. These involve a hardware-based root of trust, a small trusted computing base, defense in depth, compartmentalization, certificate-based authentication, renewable security, and failure reporting. You can find more details about each of these domains in Microsoft's documentation here.

Microsoft notes that threat modeling should be at the core of an IoT security solution's design. For this purpose, organizations can leverage Microsoft's Threat Modeling Tool, available here.

Similarly, in order to build a Zero Trust solution, Microsoft has encouraged organizations to focus on these principles:

  1. Strong identity
  2. Least-privileged access
  3. Device health
  4. Continuous updates
  5. Security monitoring and response

Naturally, each of these principles and the other areas mentioned is a subject in its own right, so make sure to check out Microsoft's blog post, which contains links to more detailed documentation for these topics.
