Symantec, Verisign, Microsoft, sign on for IoT Security Framework

Microsoft, TRUSTe, AVG Technologies, ADT, and other IoTs specialists have issued the Trust Framework for IoT as part of the IoT group called Online Trust Alliance.

Symantec, Verisign, Microsoft, sign on for IoT Security FrameworkThe working group was established in January 2015 to overcome the risks faced by IoT comprehensively. The IoT trust framework presents guidance for IoT developers, retailers, and manufacturers to monitor when creating, designing, marketing and adapting connected gadgets in 2 main categories: fitness wearables and home automation and health.

The specialists have determined that the reliability and safety of IoT app, service, and device depend both on privacy and security, along with third, often ignored factor: sustainability. Device’s supportability and the safety of the private data when warranty of the device ends is very crucial to the privacy and security of businesses and users across the world, the group said.

Executive director of OTA (Online Trust Alliance), Craig Spiezle said:

“The rapid growth of the Internet of Things has accelerated the release of connected products, yet important capability gaps in privacy and security design remain as these devices become more and more a part of everyday life.”

After reading this many questions raises in mind. Like, when any person sells a home with a garage door or thermostat, in what way the purchaser make sure that the former owner can no more access these things? Another example is, how do companies protect against interruptions into TVs and hack of data gathered from gadgets like microphones and cameras?

The framework noted, “Without addressing sustainability, devices that may have been secure off the shelf will become more susceptible to hacking over time allowing hackers to remotely control these devices. This is a persistent concern, first demonstrated with baby monitors, just recently by infiltration of fitness wearables to spy on health vitals, and will likely be again soon, perhaps through general mayhem caused by sabotaging connected appliances.”

It doesn’t mean that the working group didn’t propose any best practices, here are some of these:

  • Hashing and encrypting all personally recognizable data equally in motion and rest.
  • Up-to-date privacy policies always available for review before the purchase of product, activation or download.
  • Make known if the consumer have the facility to delete or conceal their personal information while discontinuing the product.
  • Just before purchase of any device disclosed the collection policies, plus what is the impact on the features of device if consumer don’t allow to share data.
  • Releasing a time period for customer support afterward the product/app is replaced or discontinued by latest version.

Chief privacy officer at Online Trust Alliance, Paul Plofchan said, “As the nation’s largest home security provider, ADT supports the sharing of best practices focused on the privacy and security considerations for the connected home. As a member of the working group, we applaud OTA’s effort to open the dialog with public and private sector participants in an effort to create a sustainable consumer protection framework.”

Together with the best practices given above, OTA is emerging particular methodologies and testing tools to solemnize the framework with a certification program, scoring criteria and Code of Conduct. Online Trust Alliance welcomes cooperation with companies interested in joining to help boost up and expand adoption of these certification programs over the world.

Top/Featured Image: From Maurizio Pesce / Flickr

Ali Raza Ali is a freelance journalist, having 5 years of experience in web journalism and marketing. He contributes to various online publications. With a Master degree, now he combines his passions for writing about internet security and technology for SecurityGladiators. When he is not working, he loves traveling and playing games.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.