Most of those who implement IoT linked with centralized cloud systems have little clue about security solutions for these architectures. You need to keep a few things in mind.
First, this is all about data security. You’re persisting data on the IoT device, let’s say within a drone, and you’re transmitting data to a centralized server, such as a database on a public cloud. Protecting data is everything.
Second, the network should be considered unreliable. Driving security in real time from a centralized system is typically not a good idea, considering that the devices are going to be unreachable some of the time. It should be decoupled, distributed, and have resiliency.
Third, you should be using a public cloud IoT system that’s able to manage remote device using device replicas. Sometimes called twins, these copies of the device systems (including OS, database, application, etc.) allow you to manage many copies of the devices and track configurations centrally. The master configuration is contained in the cloud, and it’s used for tracking configurations and change management.
Security is addressed by first dealing with consistency of data and software contained on the device. Device breaches often start with overwriting operating systems or other core components, such as reflashing a Wi-Fi chip or overwriting an SD storage card.
If those things happen, your first line of defense is that the device does not match the replica on the cloud IoT system. You can lock out that device until somebody or some process intervenes. In some instances, you can retake the device and write back with the current replica configuration, removing the intruding software and data.
In some instances, you’ll want to prevent breaches rather than allowing and overwriting them. This is done using IoT security systems that monitor core device systems proactively. You’ll have to spend more on security, and you’ll need higher-powered devices.
Proactive IoT security also requires a centralized security system with identity and access management. You’ll need to track data, services, and the IoT applications. You’ll defend these in a more fine-grained manner, much as if they were more traditional distributed systems.
If this sounds complex, it’s really not. These are two basic IoT security deployment patterns, one more primitive than the other. As we get more systems attached to public clouds, the solutions are likely to expand, as public cloud providers will provide better cloud-based IoT security over time.