The Cloud Security Alliance (CSA) has published version 3 of the Internet of Things (IoT) Controls Matrix, as well as the companion guide to the matrix. Version 3 of the resource, developed by the CSA IoT Task Force, adds a new incident management domain and improves technical clarity and references, while increasing the number of controls to 199.
The Matrix, along with the guide, will help users identify the appropriate security controls and assign them to particular architectural components, such as devices, networks, gateways, and cloud services, for enterprise IoT systems that incorporate multiple types of connected devices, cloud services and network technologies.
Aaron Guzman, co-chair of the IoT Working Group and one of the lead authors of the paper, commented that with new advances in connectivity and autonomy across all industry sectors, the IoT market continues to grow. He noted, however, that depending on the data and functions generated by the IoT requires companies adopting these new technologies to plan deployments that are accessible, secure and robust. It can be difficult to move forward without a plan, given the rapid evolution of connected technology and the constant inflow of new risks.
The third version of the matrix can be used in various areas of the IoT, from systems that only handle “low value” data with limited potential for impact, to highly sensitive systems that provide vital services. The companion guide shows how to use the matrix to analyze and implement an IoT system, with a column-by-column description and explanation. It has also been enhanced to include industry profiles, which serve as starting points for protecting industry-specific IoT devices, including medical devices, automobiles, and self-driving cars.
“Creating a secure IoT environment requires security engineering that addresses unique risks and employs appropriate mitigation measures. The IoT Controls Matrix offers a starting point for organizations looking to better understand and implement security controls within their IoT architecture,” said Michael Roza, Risk Professional, Audit and Compliance Control, a CSA research fellow and lead author of all three versions of the IoT Controls Matrix.
The IoT Controls Matrix (previously known as the IoT Security Controls Framework) was first published in early 2019, introducing 155 basic-level security controls that are required to mitigate many of the risks associated with an IoT system that incorporates multiple types of connected devices, cloud services, and network technologies. System architects, developers, and security engineers, as well as auditors and penetration testers, continue to use it today to evaluate the security of their implementations as they move through the development lifecycle, to ensure that they conform to the best practices specified by the industry.
As part of a holistic strategy to safeguard the cloud ecosystem, the IoT Controls Matrix supports the CSA Cloud Controls Matrix, the CSA Enterprise Architecture, and other best practices. The matrix and its companion guide are free and can be downloaded immediately.
The CSA IoT Working Group creates frameworks, processes, and best practices for systems security. Data privacy, security and protection at the edge and in the cloud are some of the topics addressed by the Working Group. Those interested in participating in future IoT research and activities can go to the registration page.