Internet of Things (IoT) - AWS Prescriptive Guidance

Internet of Things (IoT)

Internet of Things (IoT) refers to the collective network of connected devices and the technology that facilitates communication among devices and between devices and the cloud. IoT implementations pose unique considerations that don't apply to traditional IT deployments. There are three types of IoT implementations: consumer IoT deployments, industrial IoT (IIoT) deployments, and operational technology (OT) deployments. Each of these implementations has a distinct set of security requirements.

  • Consumer IoT solution deployments, such as robotic vacuums and other consumer IoT devices, use AWS to handle scale and spikes. These implementations can introduce a new classification of security considerations to address. These security considerations and challenges include, but aren't limited to:

    • Difficulty in managing and securing a wide range of device types at scale

    • Constrained resources such as compute, storage, and network, which limit the availability of robust security features

    • The possible lack of automated update and patching mechanisms

  • IIoT solution deployments include implementations by automotive, pharmaceutical, and other manufacturing companies that use AWS IoT SiteWise. These implementations can optimize production processes, reduce costs, and provide a better experience for your customers. However, there are unique security considerations that stem from integration with OT systems, real-time operations, and physical processes. 

  • IoT deployments that are based on OT or supervisory control and data acquisition (SCADA), such as those adopted by mining, energy, and utilities companies, use various AWS IoT services to improve operational efficiencies and reduce operational cost. These implementations pose additional challenges associated with secure OT and IT convergence. These involve safety-critical systems, proprietary and often legacy industrial protocols, and diverse operating environments.

Note

This guidance focuses on security best practices that are relevant to the growing list of use cases that involve IoT, IIoT, and OT-based solutions on AWS. Future updates will iteratively expand the scope and add guidance to include the full array of relevant AWS services and features for this domain.