Learn how the three pillars of IoT security are ensured by Dover's CoreGuard.
What's the Difference?
To the average person security, safety, and privacy all mean roughly the same thing.
These words are used interchangeably to describe some level of assurance that bad things are not going to happen. However, dive into minutiae of how these terms are applied to the world of IoT, and the difference between them increases dramatically.
The term safety may mean one thing to a person working in automotive IoT and a completely different thing to a person working in IIoT. It’s time that we establish what me mean when we use the terms safety, security, and privacy in relation to providing IoT trust.
Let’s start with security. When we think of the term we usually relate it to physical security like a locked door or tall fence. Nothing can get in or out without the permission of the gatekeeper.
In the world of technology, the word “security” is typically shorthand for a combination of computing security and communications security. The first half of the definition, computing security, is all about creating an impenetrable barrier between the connected devices (nodes) and the network they are connected to. In a sense, this is similar to building a fence around each one of the devices that is connected through the internet.
The second part of security, communications security, is concerned with keeping communications safe via encryption. Information flowing in and out of the connected device is scrambled and rendered unreadable to anyone but the intended recipient. Both halves of security must be working together in tandem to provide a trusted solution.
Moving on, safety is an entirely different animal than security. In the world of IoT, there can be severe consequences when critical pieces of infrastructure such as power plants, medical devices, or cars are compromised. As we have seen, even the smallest deviation from the preset parameters of a connected device could lead to bodily harm or other consequences.
Unlike with computing and communications security where threats may be less immediate and tangible, safety concerns are easy to describe as a set of rules. Safety is the first cousin of security, and violations of safety policies can be caused by either a hostile external agent or by human error in the programming or configuration of the device or the applications controlling it.
Privacy is concerned with keeping confidential personal, corporate, and military information from being exfiltrated— that is, intercepted or stolen by an unauthorized party.
There have been numerous examples in the past year alone of large corporations suffering the consequences that come with the leak of private data. With the Internet of Things slated to have nearly 21 billion devices connected to the internet by 2020—and with many of these devices handling sensitive data—privacy is a critical piece of the IoT Trust Triad. Ensuring the encryption of data on the host machine and the proper decryption on the receiving machine is essential to ensuring privacy, but that is not the whole story.
CoreGuard and the Trust Triad
The foundation of the three pillars of IoT trust rest on the ability to enforce security, safety, and privacy. CoreGuard provides this guarantee. Through software micropolicies and the hardware policy enforcer, the CoreGuard solution provides customizable and unassailable IoT trust.
CoreGuard ensures computing security by guaranteeing the processor in the IoT device executes an application only as intended, without any deviations precipitated over the network by malicious actors. CoreGuard provides IoT safety by clearly defining routines that cannot be modified to compromise the integrity of the process being executed. Finally, privacy with CoreGuard is established by labeling data as confidential through metadata tagging. This data in turn cannot be exfiltrated or accessed by anyone but the authorized user. In this way, CoreGuard ensures the security, safety, and privacy of all connected IoT devices.
Want to explore more in-depth how CoreGuard delivers IoT trust? Be sure to check out full IoT Trust white paper.