- OverviewPress tab for submenu items
TCS is here to make a difference through technology.
Leading the way in innovation for over 55 years, we build greater futures for businesses across multiple industries and 55 countries.
-
Industries
-
Services
-
Products and Platforms
-
Research & Innovation
Overview
Industries
expand here
Services
expand here
Products and Platforms
expand here
Research & Innovation
expand here
- OverviewPress tab for submenu items
We’re in it for good, driving positive change for the benefit of all.
Our expert, committed team put our shared beliefs into action – every day. Together, we combine innovation and collective knowledge to create the extraordinary.
-
About Us
- OverviewPress tab for submenu items
Extraordinary expertise leads to remarkable results.
We share news, insights, analysis and research – tailored to your unique interests – to help you deepen your knowledge and impact.
-
Customer Stories
-
Perspectives
-
Global studies
-
Topics
- OverviewPress tab for submenu items
Want to be a global change-maker? Join our team.
At TCS, we believe exceptional work begins with hiring, celebrating and nurturing the best people — from all walks of life.
-
India
-
Americas
-
Asia Pacific
-
Europe and UK
-
Middle East and Africa
Overview
India
expand here
Americas
expand here
Asia Pacific
expand here
Europe and UK
expand here
Middle East and Africa
expand here
- OverviewPress tab for submenu items
Find the latest news about TCS in our Newsroom
Get access to a catalog of the latest news stories from across TCS. Discover our press releases, reports, and company announcements.
-
Press releases
-
News alerts
-
Analyst recognition
Recent recognitions
View all -
Events
Upcoming events
08 Nov 2024 TCS BaNCS at CorpActions 2024, LondonView all29 Oct 2024 TCS at OpenText World 2024 -
Media kit
- OverviewPress tab for submenu items
TCS works hand in hand with world-leading investors.
Tata Consultancy Services LimitedNSE:TCSINR -
Management Commentary
-
Financials
-
News and Events
-
ESG
-
Resources
Overview
Management Commentary
expand here
Financials
expand here
News and Events
expand here
ESG
expand here
Resources
expand here
Top Results
Showing
10
01 - 07
-
Blog
You have these already downloaded
We have sent you a copy of the report to your email again.
The prolific adoption of internet of things (IoT) technologies across industries in recent times is resulting in an agile, smarter, and more connected world. With the introduction of 5G cellular networks and high bandwidth internet access across geographies, including remote areas hitherto deprived of stable internet connectivity, the adoption of IoT devices and solutions is likely to witness unprecedented growth in the coming years.
In fact, the International Data Corporation (IDC) predicts the IoT global market revenue to reach approximately $1.1 trillion by 2025. Global IoT connections are predicted to increase at 17% compound annual growth rate (CAGR) from approximately $7 billion to $25 billion from 2017 to 2025.
The key challenge to securing IoT
While IoT devices drive business value, they also present a particularly large attack surface due to their internet-supported connectivity. According to research conducted by Palo Alto Networks' threat intelligence research arm, 57% of IoT devices are vulnerable to attacks of medium to high severity. 41% of respondents said they need to make a lot of improvements to the way they approach IoT security, and 17% said that a complete overhaul is needed.
Securing the IoT device and thereby reducing cyber risk to organizations due to adoption of IoT use cases requires due diligence during vendor selection, secure deployment of devices, and integrated internet technology (IT) and operational technology (OT) security operations. Therefore, organizations must develop a security framework for their IoT solutions which includes IoT risk management aligned with their enterprise cyber risk strategy.
Best practices for choosing an IoT solution
Organizations should look for basic security assurance from their IoT vendor. Prior to vendor finalization, an organization should evaluate the vendor’s IoT solutions against essential security parameters by:
- Assessing if the vendor’s solution adheres to the company’s security policy and processes in design, development, operations; and ensures compliance of their device to security and applicable privacy statutory regulations.
- Ensuring vendors have comprehensive and transparent policies and standards for security and privacy of IoT solution encompassing hardware, firmware, communication and storage of data, application and its platform, data retention, and business continuity.
- Verifying how the IoT vendor keeps their security policy and processes updated in the dynamic technological landscape, privacy regulations regime, and emerging security threats.
- Determining the IoT vendor’s ability to respond to notified security vulnerability in hardware, firmware, or application.
- Finding out if the vendor uses third party or open source firmware and hardware with minimum customization. If so, the vendor may have inadequate insight into the security of the hardware or firmware. Furthermore, lack of the vendor’s direct control over hardware and firmware security is likely to affect response time to threats or vulnerabilities.
- Ensuring availability of solution from vendor for security management of IoT devices through deployment of security fixes or patches locally or remotely over the air (OTA) and monitoring of devices for security threats.
- Ensuring security assurance of IoT devices, gateways, applications, and platforms through vulnerability assessment and penetration testing.
Common pitfalls to avoid when deploying IoT solutions
Firstly, do not assume that an IoT hardware - running custom firmware or light weight service - would be immune to attacks or breaches because they have not been exploited yet. There have been instances where IoT devices were exploited because there were no proactive measures to detect and fix vulnerabilities.
Secondly, do not solely rely on generic vulnerability scanner tools meant for IT systems to detect vulnerability in IoT devices. On the contrary, conform to testing methodology tailored for IoT devices and use specialized tools meant for IoT to ensure robust IoT security.
The proactive approach to ensuring IoT security
The threats to cybersecurity of IoT systems are real and on the rise. Therefore, it becomes imperative for IoT device vendors to introduce enhanced security features in their devices. Such features need to be consistent with the intended use, perceived threat, and the impact to the business, user or environment, if the device is compromised. Furthermore, the onus of ensuring that robust cybersecurity protocols are in place lies with the government as well.
In February 2019, the European Telecommunications Standards Institute released the first globally applicable standard for consumer IoT security. In the US, one such protocol is the Internet of Things Cybersecurity Improvement Act of 2020, directing the National Institute of Standards and Technology to create minimum cybersecurity standards for those IoTs controlled or owned by the United States government.
Implementing and enforcing such protocols would help countries across the globe to foster growth and ensure seamless connectivity for a better future. However, the onus of adherence to these regulations and ensuring IoT security cannot lie with the government or regulatory bodies alone. The IoT value chain is very intricate with a high degree of interdependence between all stakeholders. Every link in the chain, including the end-user, the IT team, IoT vendors and organizational stakeholders all represent potential vulnerability and are together responsible in ensuring IoT security.
About the author
Image of Kumar Siddharth
Kumar Siddharth
Kumar Siddharth is a solution architect with TCS’ Cyber Security business unit’s center of excellence for IoT and ICS-OT security. He was instrumental in setting up IoT device security testing lab for delivering services to TCS customers. Siddharth has 16 years of experience in the IT industry and has previously handled various roles in the area of enterprise vulnerability management, penetration testing, ethical hacking, and enterprise risk and compliance.
Related reading
1/4
Blogs
Manufacturing
Enhancing Dealer Network Management with Master Data Management
Blog
|
18 Nov 2024
Opens in new tab
2/4
Blogs
Manufacturing
Overcoming Barriers to Gen AI Adoption
Blog
|
18 Nov 2024
Opens in new tab
3/4
Blogs
TCS CHROMA™
The Role of AI in HRMS Industry
Blog
|
11 Nov 2024
Opens in new tab
4/4
Blogs
Public Services
Cybersecurity: The new frontier in the digital age
Blog
|
25 Oct 2024
Opens in new tab
What’s on your mind?
We’re here to help! Tell us what you’re looking for and we’ll get you connected to the right people.
Looking for something else?
©2024 TATA Consultancy Services Limited
©2024 TATA Consultancy Services Limited
- Privacy Notice
- Cookie Policy
- Disclaimer
- Security Policy
- California Notice at Collection
- Customize Cookies