
End-to-End Architecture

 

Below is a logical reference breakout for a robust M2M or IoT solution. This diagram illustrates the core technology components that make up a large IoT or M2M solution end-to-end. It is not meant to be exacting or exhaustive. Its purpose is to set a common understanding of the primary threat and security surfaces common to IoT and M2M implementations. Some implementations will make use of all of these components, while others will use only some of them.

All elements making up a solution's design must be considered for threat, vulnerability, and risk. The types and amount of security for each section must then be determined, applied, and maintained over time.

 

M2M and IoT Technology Surface Logical Breakout

 

 

IoT & M2M Solutions Support Multiple Industries

The devices, gateways, backend networks, and services that comprise M2M and IoT solutions can be found in a wide variety of both old and new industries. Below is a representative example of some of the industries seeing substantial growth in the use of embedded systems and Internet services. All of these solutions utilize various levels of device robustness, and they require varying levels of security and privacy consideration as well.


Connection Scenarios

A number of different connection scenarios are possible for Machine-to-Machine and Internet-of-Things systems, depending on the given solution. The complete system must be considered for threats, vulnerabilities, and controls to ensure sufficient security. Just as a holistic security view is important, privacy aspects must also be considered along the entire flow of system data.

 

Different Bearer Options

Just as Machine-to-Machine or Internet-of-Things solutions can take many different forms of connectivity layout, so too can they use a wide range of communications technologies.  Each form can add different elements of threat and vulnerability into consideration.  Some technologies will have security features incorporated into them by design, and some will have no security capabilities at all.

Considering End-to-End

To ensure a secure solution, all systems, services, data, communications and protocols that make up the complete solution must be understood and assessed for threat posture, vulnerability elimination and mitigation, and adequate levels of security controls.

 


Classifying the IoT System Elements

A common understanding of the primary component categories that make up an IoT or M2M system provides an anchor for determining threat and risk for a solution, and then for identifying the security controls needed across the entire system.

The diagram above breaks up a system solution into five primary categories for security consideration: three IoT/M2M device-specific categories deployed "in the field," a Component category for the sub-elements that make up the systems, and a Cloud Network category for backend networked systems and services that are also often part of a solution.

On top of the categorization model, there is also a classification overlay for further identifying the type of device and the way it has been designed to be deployed for operation. This classification scheme not only provides a simple nomenclature for quickly understanding the type of device in the system, but also allows further stratification in the mapping of threat, risk, and recommended security controls based on operational considerations.