Grounded in the Cloud
Showing results for 
Search instead for 
Did you mean: 

Your Internet of Things is connected to the Cloud - and both need security


The Internet of Things, a computing model where connected ‘things’ ranging from connected toys to fridges to vehicles are able to communicate, collect, and share information with centralized systems, is becoming more and more an aspect of our daily connected life. In fact, Gartner expects there to be more than 20 billion connected devices by 2020, with other analysts quoting similar statistics.


 I think it’s fair to say that the increase in effectiveness and therefore popularity of IoT is due in no small part to the ability of cloud to provide a scalable back-end that allows organizations running IoT projects to offer mass data storage and analytic processing capabilities. And as with any cloud project, it’s important to consider all of the potential security implications of the new architecture before cybercriminals beat you to it.

  From an IoT specific perspective, I split the main security challenges into the following categories:


  • Security of the infrastructure – How are devices authenticated to the infrastructure? Are secure communication protocols in place to allow end points to exchange information securely? ‘Things’ can be connecting from anywhere, so the use of encrypted protocols should be a minimum security control to avoid potential man in the middle style attacks, as well as authenticating the devices as they connect.
  • Security of the applications – Have both the client/thing applications and back end applications been checked for security vulnerabilities? Has the security team signed off on any identified risks? Remember that once code has been released and installed on a ‘thing’, the ability to regularly access and update the code may be very limited.
  • Security of the data – What information is being collected and how is any potentially personal or sensitive data being protected? Especially in a consumer-oriented environment, privacy regulations may prevent certain types of information from being stored, unless you can demonstrate specific countermeasures that have been taken to encrypt that information.
  • Operational security around the IoT network – What steps are being taken to identify any malicious threat actors trying to exploit the system? How quickly can you respond to any potential threat? Having a clear picture of what is going on inside an IoT network is a very important step in being able to preempt any potential malicious activity from causing any lasting damage.


These challenges in some ways are very similar to the security challenges we have identified in a hybrid cloud security model elsewhere in this blog. But the main difference in an IoT world is scale – the fact that the ‘things’ can be very numerous, and could be located absolutely anywhere in the world, very often in an environment that is way outside of your control and inherently insecure.

In terms of the risk, whereas a breach in a traditional cloud environment can lead to the mass loss of customer data or the uncovering of corporate intellectual property, the very fact that IoT is designed to make our lives more comfortable means the impact on the individual consumer can be a lot higher, or, in some cases, even life threatening – take for example a home monitoring system that monitors for fires – if a hacker were to breach the system and change the alarm notifications, a fire situation could be identified too late. Or how about a hacker breaching an IoT connected car and disabling the brake control system? Something already demonstrated in a proof of concept by Charlier Miller and Chris Valasek last year.

At Hewlett Packard Enterprise we are investing in the Internet of Things, helping customers to gather data insights and business value from the proliferation of connected devices and machines in a secure way. We have products and solutions ranging from the Edgeline IoT compute platform to secure networking solutions based around our Aruba technologies. But we’re also doing a lot of work around secure IoT use cases that we can use to help demonstrate to our customers the IoT security capabilities of the HPE Security range of products together with a HPE Helion cloud.

As an example of this work, I invite you to take a look at two recently released videos created by my colleague Angelo Brancato, Chief Technologist within HPE Security, covering the security of data and dealing with malware in an IoT environment, and how HPE tackles these with innovative solutions:




For additional information on how HPE thinks about the Internet of Things, please visit the corporate IoT landing page, and if you want to learn more about cloud security, please check out the HPE Hybrid Cloud Security page.


0 Kudos
About the Author


Simon Leech is a Certified Information Systems Security Professional with a specialisation in Security Architecture (CISSP-ISSAP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Cloud Security Knowledge (CCSK) and working in the Worldwide Security Center of Excellence within HPE Pointnext Advisory and Professional Services. Simon is active on Twitter as @DigitalHeMan

Jan 30-31, 2018
Expert Days - 2018
Visit this forum and get the schedules for online HPE Expert Days where you can talk to HPE product experts, R&D and support team members and get answ...
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all