EDITOR’S QUESTION
//////////////////
dedicated IoT features and development
enhancements which simplify development,
code maintenance and upgrades. The 3.1
release enables the rollout of security and
SIM applications on the same chip, allowing
services to be used on a large spectrum of
networks from NB-IoT to 5G, and on a wide
range of devices.
Treat connected devices like humans
T
he worldwide number of connected
devices is already impressive, but
this is just the beginning. With the
projected increase of connected devices
comes additional complexity, presenting
challenges in terms of their security and
manageability. The security of IoT devices
is important, but needs to be looked at
holistically, the concept we often refer to is
“security core to the edge”.
Java Card update boosts IoT
device security
Oracle has released a new version of
Java Card, one of the most popular open
applications used in some of the most
sensitive devices. Release 3.1 is an extensive
update which provides more flexibility
to help meet the unique hardware and
26
INTELLIGENTCIO
security requirements of both existing
secure chips and emerging IoT technologies.
New features introduced with this release
address use cases across markets ranging
from telecom and payments to cars and
wearables. Java Card introduces features
that make applications more portable across
security hardware critical to IoT.
This enables new uses for hardware-
based security, such as multi-cloud IoT
security models, and makes Java Card
the ideal solution for tens of billions of
IoT devices that require security at the
edge of the network. This enhancement
enables emerging applications such as
smart metering, industrial IoT, wearables,
automotive and most importantly, cloud
connected devices. New features include
rapid deployment of edge security services,
The next step is the Oracle IoT Cloud
Service, which is designed on a security
foundation, using mutual certificate
authentication between components.
Participants in the IoT process are
sometimes referred to as non-carbon
identities. This concept mandates
that connected devices should be treated
like humans when it comes to security.
We need to govern their lifecycle
through provisioning, deprovisioning
and attestation.
We need to apply similar behavioural
analytics that we use for humans and that
is where the E in UEBA (User and Entity
Behaviour Analytics) comes from. One can
assume that connected devices create vast
amounts of data, which can be sensitive.
Protecting this data is often neglected, but it
is crucial for the security posture.
This is the concept of security core to the
edge of IoT in a nutshell. IoT also affects our
security decisions in seemingly unconnected
areas. With a large number of IoT devices,
especially personal ones being hopelessly
misconfigured, there is an elevated threat of
distributed denial of service attacks.
www.intelligentcio.com