Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Artificial Intelligence
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Vulnerability Data
Top Threats
View all topics
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Quantum-safe Security
Artificial Intelligence
Securing DevOps
Application Containers and Microservices
DevSecOps
Security Services
Enterprise Resource Planning
Software-Defined Perimeter
Zero Trust
Threat Intelligence
Vulnerability Data
Top Threats
View all topics
Cloud 101CircleEventsBlog
Sign In

Download Publication

Home
Publications
New Security Guidance for Early Adopters of the IoT
New Security Guidance for Early Adopters of the IoT

New Security Guidance for Early Adopters of the IoT

Release Date: 04/20/2015

Working Groups: Internet of Things Security Guidance

For the latest research on IoT security from CSA, please check out the IoT Working Group and their IoT Security Controls Framework.

The marketplace is seeing the beginning of widespread adoption of the Internet of Things (IoT) within the consumer sector. Wearables, smart home appliances, lighting, and other IoT devices are becoming mainstream. This surge of smart consumer devices is anticipated to continue to grow at a frenzied pace well into the future. 

As traditional enterprise security solutions do not sufficiently address the security needs of IoT, this document provides guidance for the secure implementation of IoT-based systems. This document was created using input from a number of security and mobility experts representing diverse industries. References and information from existing guidance in the field are incorporated into this paper whenever possible in order to promote alignment with the work of other industry bodies.

Key Takeaways:
  • Challenges posed by IoT, including: increased privacy concerns, platform security limitations, and ubiquitous mobility that hinders tracking and asset management
  • Examples of IoT threats and attack vectors to both individuals and organizations
  • Top challenges for organizations trying to secure IoT systems
Who It’s For: Anyone involved in the implementation of IoT-based systems
Download this Resource

Prefer to access this resource without an account? Download it now.

Bookmark
Share
View translations
Related resources

Related Resources

PublicationsBlogs
An Agile Data Doctrine for a Secure Data Lake
An Agile Data Doctrine for a Secure Data Lake
Download Now
IoT Controls Matrix v3
IoT Controls Matrix v3
Download Now
Guide to the IoT Controls Matrix v3
Guide to the IoT Controls Matrix v3
Download Now
View all publications
A Mindset Shift for Cloud Security Resilience: Assume Breach
A Mindset Shift for Cloud Security Resilience: Assume Breach
Published: 09/29/2023
IoT Security and the Infinite Game
IoT Security and the Infinite Game
Published: 09/19/2023
Digital Trust for Connected Medical Devices
Digital Trust for Connected Medical Devices
Published: 09/18/2023
How Great CISOs Make SaaS Security a Priority for Business Leaders
How Great CISOs Make SaaS Security a Priority for Business Leaders
Published: 09/13/2023
View all blogs
View all webinars

Acknowledgements

Srinivas Tatipamula
Srinivas Tatipamula
Principal Security Advisor, Fairfax

Srinivas Tatipamula

Principal Security Advisor, Fairfax

C-CISO|CISSP|CISA|AWS CSS|AWS CSA|CDPSE|CISM|CGEIT|CRISC|ISO 27000LA|CCSK|ITIL-F|PMP|Bachelor of Economics (Hons)|Bachelor of Law| MS in Digital Forensics

Overall 30 plus years in IT and over 18 years in Cyber Security

Publications:

1. Cloud Security Alliance Internet of Things (IoT) Working Group IoT Security Controls Guide Version Published March 2019

2. CSA IoT Controls Matrix March 2019

3. ...

Read more

John Yeoh
John Yeoh
Global Vice President of Research, CSA

John Yeoh

Global Vice President of Research, CSA

With over 15 years of experience in research and technology, John excels at executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, Big Data, SecaaS, Quantum). John specializes in risk management, third party assessment, GRC, data protection, incid...

Read more

Brian Russell
Brian Russell

Brian Russell

Brian Russell is co-author of the book “Practical Internet of Things Security” and is a Chief Engineer focused on Cyber Security Solutions for Leidos (www.leidos.com). He oversees the design and development of security solutions and the implementation of privacy and trust controls for customers. Brian leads efforts that include security engineering for Unmanned Aerial Systems (UAS) and Connected Cars, and the development of hig...

Read more

​Aaron Guzman
​Aaron Guzman

​Aaron Guzman

Aaron is a passionate information security professional specializing in IoT, embedded, and automotive security. He is co-author of the “IoT Penetration Testing Cookbook” and a technical editor for the "Practical Internet of Things Security” Packt Publishing books. Aaron is co-chair of CSA’s IoT working group as well as a leader for OWASP’s IoT and Embedded Application Security projects; providing practical guidance to address the most commo...

Read more

Srinivas Tatipamula
Srinivas Tatipamula
Principal Security Advisor, Fairfax

Srinivas Tatipamula

Principal Security Advisor, Fairfax

C-CISO|CISSP|CISA|AWS CSS|AWS CSA|CDPSE|CISM|CGEIT|CRISC|ISO 27000LA|CCSK|ITIL-F|PMP|Bachelor of Economics (Hons)|Bachelor of Law| MS in Digital Forensics

Overall 30 plus years in IT and over 18 years in Cyber Security

Publications:

1. Cloud Security Alliance Internet of Things (IoT) Working Group IoT Security Controls Guide Version Published March 2019

2. CSA IoT Controls Matrix March 2019

3. ...

Read more

Jean Pawluk Headshot Missing
Jean Pawluk

Jean Pawluk

This person does not have a biography listed with CSA.

David Lingenfelter
David Lingenfelter
Security and Compliance, MaaS360

David Lingenfelter

Security and Compliance, MaaS360

David is a seasoned security professional with nearly 20 years of experience in risk management, information security, compliance, and policy development. Throughout his career David has performed risk and vulnerability assessments along with making recommendations on network and system design improvements. David’s career has spanned from traditional hardware based security architectures to cloud technologies and virtual environments.

Read more

Michele Drgon Headshot Missing
Michele Drgon

Michele Drgon

This person does not have a biography listed with CSA.

K S Abhiraj Headshot Missing
K S Abhiraj

K S Abhiraj

This person does not have a biography listed with CSA.

Drew Van Duren Headshot Missing
Drew Van Duren

Drew Van Duren

This person does not have a biography listed with CSA.

Valmiki Mukherjee Headshot Missing
Valmiki Mukherjee

Valmiki Mukherjee

This person does not have a biography listed with CSA.

Eiji Sasahara
Eiji Sasahara
Board of Director at CSA Japan Chapter

Eiji Sasahara

Board of Director at CSA Japan Chapter

This person does not have a biography listed with CSA.

Cesare Garlati
Cesare Garlati
Chief Security Strategist at prpl Foundation

Cesare Garlati

Chief Security Strategist at prpl Foundation

Cesare Garlati is an internationally renowned leader in information security. Former Vice President of mobile security at Trend Micro, Cesare currently serves as Chief Security Strategist at prpl Foundation and Co-chair of the Mobile Working GroupCloud Security Alliance. Prior to Trend Micro, Mr. Garlati held director positions within leading mobility companies such as iPass, Smith Micro Software and W...

Read more

Girish Bhat Headshot Missing
Girish Bhat

Girish Bhat

This person does not have a biography listed with CSA.

Guido Sanchidrian Headshot Missing
Guido Sanchidrian

Guido Sanchidrian

This person does not have a biography listed with CSA.

Larry Hughes Headshot Missing
Larry Hughes

Larry Hughes

This person does not have a biography listed with CSA.

Robert de Monts Headshot Missing
Robert de Monts

Robert de Monts

This person does not have a biography listed with CSA.

Tim Owen
Tim Owen
Chief Engineer and Director of Advanced Programs, Secure Missions Solutions

Tim Owen

Chief Engineer and Director of Advanced Programs, Secure Missions Solutions

Tim Owen, Chief Engineer and Director of Advanced Programs for Secure Missions Solutions, a Parsons Company, has spent 30 years developing, implementing, operating, and assuring complex, high-performance networking and computing environments. Hespent the last 14 years supporting some of the highest value components of the US Federal government enterprise designing and deploying next generation protoco...

Read more

Nader Henein Headshot Missing
Nader Henein

Nader Henein

This person does not have a biography listed with CSA.

Arlene Mordeno Headshot Missing
Arlene Mordeno

Arlene Mordeno

This person does not have a biography listed with CSA.

Tom Donahoe Headshot Missing
Tom Donahoe

Tom Donahoe

This person does not have a biography listed with CSA.

Megan Bell Headshot Missing
Megan Bell

Megan Bell

This person does not have a biography listed with CSA.

James Hunter Headshot Missing
James Hunter

James Hunter

This person does not have a biography listed with CSA.

Mats Naslund Headshot Missing
Mats Naslund

Mats Naslund

This person does not have a biography listed with CSA.

Chinmoy Rajpal Headshot Missing
Chinmoy Rajpal

Chinmoy Rajpal

This person does not have a biography listed with CSA.

Jarrod Stenberg Headshot Missing
Jarrod Stenberg

Jarrod Stenberg

This person does not have a biography listed with CSA.

Gene Anderson Headshot Missing
Gene Anderson

Gene Anderson

This person does not have a biography listed with CSA.

Kyle Boyce Headshot Missing
Kyle Boyce

Kyle Boyce

This person does not have a biography listed with CSA.

Poonlarb Chatchawalkhosit Headshot Missing
Poonlarb Chatchawalkhosit

Poonlarb Chatchawalkhosit

This person does not have a biography listed with CSA.

Michael Cook Headshot Missing
Michael Cook

Michael Cook

This person does not have a biography listed with CSA.

Chris Drake Headshot Missing
Chris Drake

Chris Drake

This person does not have a biography listed with CSA.

Gregory Johnson Headshot Missing
Gregory Johnson

Gregory Johnson

This person does not have a biography listed with CSA.

Alberto Manfredi
Alberto Manfredi
Co-Founder and President of the CSA Italy Chapter

Alberto Manfredi

Co-Founder and President of the CSA Italy Chapter

Alberto Manfredi supports CSA EMEA in chapter expansion and development. He currently serves as Business Development Manager Smart Solutions with Selex ES, a Defense and Security Electronics Division of Finmeccanica Spa. He has been working in the ICT market since 1993 with a focus on information security in the last 11 years. He is a member of ISC2,ISACA-AIEA, SANS, AFCEA Rome, DFA, ANORC (honorary member) associations.

Read more

Javier Nieto Headshot Missing
Javier Nieto

Javier Nieto

This person does not have a biography listed with CSA.

Aniket Rastogi Headshot Missing
Aniket Rastogi

Aniket Rastogi

This person does not have a biography listed with CSA.

Shankar Subramaniyan Headshot Missing
Shankar Subramaniyan

Shankar Subramaniyan

This person does not have a biography listed with CSA.

Thriveni T K Headshot Missing
Thriveni T K

Thriveni T K

This person does not have a biography listed with CSA.

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Join this Working Group
View all Working Groups

Related Certificates & Training