IoT Security: Essential Steps for Security by DesignSecurity Expert Aloysius Cheang on Choosing the Right Controls
Manufacturers need to change their approach to securing internet of things devices, says Aloysius Cheang, executive vice president for Asia Pacific at the Center for Strategic Cyberspace + Security Science, a U.K.-based think tank.
"Original design manufacturers based in Taiwan are responsible for over 90 percent of the world's IoT devices' designs," although most devices are actually manufactured in China, Cheang notes in an interview with Information Security Media Group. "But a company in the West, when they buy the design from Taiwan, while they are guided by policies and compliance requirements, these are only procedures ... that are not product- or even solution-centric. In fact, I would say a lot of them have no clue what security controls need to be in place for IoT devices."
While there are good security ... standards to follow, Cheang says, "they are not purpose-built for IoT products and services. In fact, they only apply to a very small group of usage scenarios," he says.
In this interview (see audio link below photo), Cheang also discusses:
- Why the "security by design" approach has not worked for IoT devices so far;
- The need for IoT-specific standards;
- Insights for CISOs on IoT security.
Cheang is executive vice president for Asia Pacific at the Center for Strategic Cyberspace + Security Science. The cybersecurity expert has worked on a wide variety of complex technology and business problems. Cheang is also the CEO of iSyncGroup Technology Inc., a Taiwan-based IoT security company.