7. Secure both the IoT environment and supporting IT environments to the same level of criticality - Securing Internet of Things (IoT) with AWS

This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.

7. Secure both the IoT environment and supporting IT environments to the same level of criticality

Secure both the IoT environment and supporting IT environments to the same level of criticality following a well-documented standard. This is especially true for gateways that serve as boundaries between systems.

Often, IoT systems still have a dependency on traditional IT systems to operate. Whether that’s for identity and authorization, billing, monitoring and remediation, or maintenance, having these systems become unavailable to the IoT system can cause cascading failures. Therefore, you should use the risk assessment and asset inventory to document these critical dependencies and architect all relevant systems to the same level of resiliency and security. Some ways to do this include:

  • Plan and manage the security lifecycle of devices.

  • Consistently harden internet-connected network resources such as edge gateways.

  • Avoid hardcoding or storing credentials and secrets locally on devices.

  • Use device certificates and temporary credentials instead of long-term credentials to access AWS cloud services.

  • Limit the number of listening ports on IoT devices, and ensure access only from authorized systems.

  • Create allow lists for access with a management mechanism similar to that of software updates.

  • Disable unused sensors, actuators, services, or software on the IoT device.

  • Establish secure connections to cloud services, and monitor these connections.
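The items above on device certificates, allow lists, and least-privilege access to cloud services can be checked before a policy is attached to a device fleet. The following is an added example, not code from the whitepaper or from AWS: a small audit of AWS IoT Core policy documents that flags wildcard actions, `Resource: "*"`, and data-plane permissions that are not bound to the connecting device's identity through a policy variable. The account ID and the two sample policies are constructed for the example.

```python
"""Audit AWS IoT Core policy documents for least-privilege violations (added example)."""
import json

# Policy variables that bind a permission to the connecting device's own identity
# (its registered thing name, MQTT client ID or certificate common name).
IDENTITY_VARS = ("${iot:Connection.Thing.ThingName}", "${iot:ClientId}",
                 "${iot:Certificate.Subject.CommonName}")
DATA_PLANE_ACTIONS = {"iot:Connect", "iot:Publish", "iot:Subscribe", "iot:Receive"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_iot_policy(policy_json):
    """Return a list of findings for one policy document; an empty list means it passed."""
    findings = []
    for idx, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access; nothing to flag
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any("*" in a for a in actions):
            findings.append(f"statement {idx}: wildcard action {actions}")
        if "*" in resources:
            findings.append(f"statement {idx}: Resource '*' covers every client and topic")
        touches_data_plane = any(a in ("*", "iot:*") or a in DATA_PLANE_ACTIONS for a in actions)
        bound = any(var in res for res in resources for var in IDENTITY_VARS)
        if touches_data_plane and not bound:
            findings.append(f"statement {idx}: resources not bound to the device's identity")
    return findings

ACCOUNT = "123456789012"  # constructed placeholder account ID
ARN = f"arn:aws:iot:us-east-1:{ACCOUNT}:"
# Constructed policies: one that lets any device do anything, one scoped to the thing's own topics.
PERMISSIVE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]})
SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect",
     "Resource": ARN + "client/${iot:Connection.Thing.ThingName}"},
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
     "Resource": ARN + "topic/devices/${iot:Connection.Thing.ThingName}/*"},
    {"Effect": "Allow", "Action": "iot:Subscribe",
     "Resource": ARN + "topicfilter/devices/${iot:Connection.Thing.ThingName}/cmd"}]})

if __name__ == "__main__":
    for name, doc in (("permissive", PERMISSIVE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_iot_policy(doc) or ["no findings"])
```

Running the audit over exported policies as part of the same change-management process used for software updates gives the allow list the review step the text calls for.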

Supporting AWS resources

AWS provides the following assets, capabilities, and services to help secure cloud-connected network resources and securely manage on-premises computing resources: