Design Principles - IoT Lens

Design Principles

In addition to the overall Well-Architected Framework security design principles, there are specific design principles for IoT security:

  • Manage device security lifecycle holistically: Device security starts at the design phase and ends with the retirement of the hardware and the destruction of the data it held. Take an end-to-end approach to the security lifecycle of your IoT solution to maintain your competitive advantage and retain customer trust.

  • Ensure least privilege permissions: Every device should have fine-grained permissions that limit which topics it can publish to and subscribe on. With access restricted this way, a single compromised device has fewer opportunities to affect other devices.

  • Secure device credentials at rest: Devices should store credentials such as private keys in a dedicated crypto element or secure flash, so that a key cannot be read out of the device and reused elsewhere.

  • Implement device identity lifecycle management: Each device carries an identity from creation through end of life. A well-designed identity system tracks that identity and its validity, and proactively extends (for example, by rotating a certificate before it expires) or revokes IoT permissions over time.

  • Take a holistic view of data security: IoT deployments involving a large number of remotely deployed devices present a significant attack surface for data theft and privacy loss. Use a model such as the Open Trusted Technology Provider Standard to systematically review your supply chain and solution design for risk, and then apply appropriate mitigations.
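The following is an added example, not code from the IoT Lens or from AWS, illustrating the two principles above that are directly expressible in policy: least privilege permissions and identity lifecycle management. It builds a single AWS IoT policy that uses the `${iot:Connection.Thing.ThingName}` policy variable so that each device can only use its own client ID and topics, places the overly broad `iot:*` on `*` anti-pattern beside it, and adds a small identity-lifecycle check (rotate, revoke, or deny) that gates policy evaluation. The region, account ID, thing names, topic layout, and 30-day renewal window are assumptions chosen for illustration, and the policy evaluator is a simplified model of IAM-style matching, not the AWS implementation.

```python
"""Added example (not from the AWS IoT Lens): a per-device least-privilege
AWS IoT policy and a minimal identity-lifecycle check, with a simplified
evaluator so both can be exercised offline."""
import re
from datetime import date, timedelta

# Hypothetical account/region values, used only to build resource ARNs.
REGION = "us-east-1"
ACCOUNT = "123456789012"
ARN_PREFIX = f"arn:aws:iot:{REGION}:{ACCOUNT}:"
# Real AWS IoT policy variable: resolves to the thing the certificate is attached to.
THING_VAR = "${iot:Connection.Thing.ThingName}"
RENEW_BEFORE = timedelta(days=30)  # assumed rotation window


def least_privilege_policy() -> dict:
    """One policy attached to every device certificate. Because the thing name is
    substituted per connection, sensor-001 cannot connect as, publish for, or
    subscribe to sensor-002. Subscribe uses topicfilter ARNs; Receive uses topic ARNs."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": ARN_PREFIX + "client/" + THING_VAR},
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": ARN_PREFIX + "topic/devices/" + THING_VAR + "/telemetry"},
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": ARN_PREFIX + "topicfilter/devices/" + THING_VAR + "/commands"},
            {"Effect": "Allow", "Action": "iot:Receive",
             "Resource": ARN_PREFIX + "topic/devices/" + THING_VAR + "/commands"},
        ],
    }


def overly_broad_policy() -> dict:
    """The anti-pattern: any device holding this policy can act on every topic
    and client ID in the account, so one compromised device reaches all of them."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}


def _matches(pattern: str, value: str) -> bool:
    """IAM-style wildcard matching: '*' matches any run, '?' exactly one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None


def is_allowed(policy: dict, thing_name: str, action: str, resource: str) -> bool:
    """Simplified evaluation: substitute the thing-name variable, then grant if some
    statement allows the action on the resource. An explicit Deny always wins."""
    allowed = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = (stmt["Resource"] if isinstance(stmt["Resource"], list)
                     else [stmt["Resource"]])
        if not any(_matches(a, action) for a in actions):
            continue
        if not any(_matches(r.replace(THING_VAR, thing_name), resource) for r in resources):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def identity_action(record: dict, today: date) -> str:
    """What the identity system should do with one device identity.
    record = {"thing": name, "not_after": date, "status": "active"|"decommissioned"|"revoked"}"""
    if record["status"] in ("decommissioned", "revoked"):
        return "revoke"   # detach the policy and mark the certificate inactive
    if today > record["not_after"]:
        return "deny"     # expired: refuse until the device is re-provisioned
    if record["not_after"] - today <= RENEW_BEFORE:
        return "rotate"   # issue a replacement certificate before the old one lapses
    return "ok"


def authorize(policy: dict, record: dict, today: date, action: str, resource: str) -> bool:
    """Check identity validity first, then the least-privilege policy."""
    if identity_action(record, today) in ("revoke", "deny"):
        return False
    return is_allowed(policy, record["thing"], action, resource)


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    today = date(2024, 6, 1)
    dev = {"thing": "sensor-001", "not_after": date(2025, 6, 1), "status": "active"}
    own = ARN_PREFIX + "topic/devices/sensor-001/telemetry"
    other = ARN_PREFIX + "topic/devices/sensor-002/telemetry"
    for name, pol in (("least-privilege", least_privilege_policy()),
                      ("overly-broad", overly_broad_policy())):
        print(name, "own topic:", authorize(pol, dev, today, "iot:Publish", own),
              "peer topic:", authorize(pol, dev, today, "iot:Publish", other))
    dev["status"] = "decommissioned"
    print("decommissioned device:", authorize(least_privilege_policy(), dev, today,
                                              "iot:Publish", own))
```

With the least-privilege policy, sensor-001 can publish only to its own telemetry topic and subscribe only to its own command topic, while the broad policy lets it publish on sensor-002's topic as well; once the identity record is decommissioned, the policy is never even consulted.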