GlobalSign Blog

23 Mar 2017

The Right Approach to Building Security into Your IoT MVP or POC - Build vs. Buy?

Organizations need to focus on value delivery for any IoT solution.

During implementation, every additional technology is a potential leak in the value funnel, and the decisions to include or exclude technologies may create inefficiencies or risks. Balancing validation of the concept against creating a viable long-term architecture is an art.

When developing the solution, focusing on the core capabilities is essential. However, supporting technologies, especially those that provide security, cannot be overlooked. Even if security isn’t at the forefront of the offering, it will be a requirement or expectation from the customers or stakeholders of the solution.

This echoes the challenge for organizations to focus on Security by Design rather than security by bolt-on when designing the MVP. We've addressed some of the bigger questions surrounding building an appropriate approach, framework and executive buy-in for security and buying in previous blogs:

‘Security by design’ thinking affords organizations much greater return on their security investments, as changes are much easier and cost-effective to make early in the product lifecycle, especially as appropriate security and privacy features are rarely ever bolt-on.

Strong Security Elements for IoT Manufacturing

...manufacturer can easily overlook cybersecurity as there is so much involved, even at the stage where you are simply trying to get the board to invest. The thing to remember is not to scare the board with trendy names of vulnerabilities or the latest technologies; simplify everything and put it in their language – the language of money, that is.

Automotive Cybersecurity Best Practices Missing Executive Buy-In - Here's How to Get It

Building vs. Buying Scalable Security for Your MVP or POC

Let's assume the organization has moved past a baseline security posture and requirements.  They have identified and prioritized risks that should be addressed through security technology and have executive buy-in.

Across each security objective, there will be a build versus buy decision in the technologies used to mitigate the risks.

In many cases, build or free software solutions are enticing for teams that face constrained financial resources. However, when it comes to security technologies, additional risk is usually assumed when you don't bring trusted vendors and partners into the solution.

Complicating matters further, you also need to plan for the success case. Success in the IoT will often mean tremendous scale, and with that scale your team needs to consider whether the security technologies they implement can address it. The considerations will range from the basics of the technology to the specific implementation. How will it work when it gets out of pilot and into thousands, millions or tens of millions of devices?

We recommend focusing your resources on building your solution’s core capabilities and working with experienced experts for security components. With the right vendors and partners, this proven strategy ensures your solution will follow identity and security best practices while still offering a competitive cost model.

GlobalSign’s IoT Developer and Partner Programs

GlobalSign has built its platform and services to enable outsourced risk and management of PKI operations. Through our developer program, we work with organizations on assessing the implementation of PKI from POC to production. These services can be brought on at a minor POC scale so value can be proven using the same interface and service as full production, allowing organizations to grow into a full, large-scale production deployment. When planning for the longevity of the ecosystem, good architects take scale into consideration.

Additionally, we've also built out a network of complementary security partners.  With this partner network we're able to help address the full stack of IoT security concerns, from hardware to software security, to protecting the keys on the device, secure operation, device lifecycle and updates and on through cloud connectivity.  You can learn more about some of our partnerships and see examples of how our joint solutions can be used to secure IoT ecosystems here – Strong Device Identity in Action.

GlobalSign works with developers, partners and communities to rapidly deploy identity and security into ecosystems with minimal CAPEX and time to market. If you’re evaluating an IoT POC project, talk to us today.
