
CSA Official Press Release

Published 10/07/2016

CSA Internet of Things Working Group Releases Industry’s First Guidance for Securing IoT Product Ecosystem

‘Designing and Developing Secure IoT Products’ Provides Actionable and Useful Guidance to Raise the Overall Security of IoT Products

San Jose, CA – CSA Congress 2016 – October 7, 2016 – The Cloud Security Alliance (CSA) today released a new detailed and hefty guidance report titled Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products, created to help designers and developers of Internet of Things (IoT) related products and services understand the basic security measures that must be incorporated throughout the development process.

IoT is broad ranging, and the pace of change and innovation is fast. This makes identifying controls that can be applied against diverse IoT products difficult. Recently, much has been said regarding the need to secure the Internet of Things against a large number of attacks and a diverse pool of attackers. The broad applicability of the IoT concept across many industries and many types of products and systems has made it increasingly challenging to establish such guidance. With the release of this important and informative report, the CSA looks to provide much needed education and direction to product developers who know their products are at risk of compromise, but may lack the understanding as to where to start the process for mitigating that risk.

“It is often heard in our industry that securing IoT products and systems is an insurmountable effort,” said Brian Russell, Chair IoT Working Group and Chief Engineer, Cyber Security Solutions with Leidos. “However, with the help of our extremely knowledgeable and dedicated volunteers, we are providing a strong starting point for organizations that have begun transforming their existing products into IoT-enabled devices, as well as newly emerging IoT startups. We hope to empower developers and organizations with the ability to create a security strategy that will help mitigate the most pressing threats to both consumer and business IoT products.”

Specifically, the report lays out 13 considerations and guidance for designing and developing reasonably secure IoT devices, to mitigate some of the more common issues that can be found with IoT device development. Additionally, realizing that there is often a need to quickly identify the critical security items in a product development lifecycle, researchers also outline the top five security considerations that, when applied, will begin to increase an IoT product’s security posture substantially.

Additionally, the report lays out guidance in the following areas:

  1. A discussion on IoT device security challenges.
  2. Results from an IoT security survey conducted by the CSA IoT Working Group.
  3. A discussion on security options available for IoT development platforms.
  4. A categorization of IoT device types and a review of a few threats.
  5. Recommendations for secure device design and development processes.
  6. A detailed checklist for security engineers to follow during the development process.
  7. A set of appendices that provide examples of IoT products mapped to their relevant threats.

The CSA IoT Working Group focuses on understanding the relevant use cases for IoT deployments and defining actionable guidance for security practitioners to secure their implementations. The group is led by Russell, with initiative leads Priya Kuber and Dr. Shyam Sundaram. Nearly 30 CSA IoT working group members contributed to the development of the 80-plus-page guidance report. Individuals interested in becoming involved in future research and initiatives are invited to do so by visiting

The full report is freely available at

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. CSA’s activities, knowledge and extensive network benefit the entire community impacted by cloud — from providers and customers, to governments, entrepreneurs and the assurance industry — and provide a forum through which diverse parties can work together to create and maintain a trusted cloud ecosystem. CSA has developed the definitive best practices for the industry, such as the “Security Guidance for Critical Areas of Focus in Cloud Computing”, the “Cloud Controls Matrix”, “Top Threats to Cloud Computing” and 50 other cloud security research artifacts. For further information, visit us at

Kari Walker for the CSA
ZAG Communications
[email protected]

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, follow us on Twitter @cloudsa.

For press inquiries, email Zenobia Godschalk of ZAG Communications or reach her by phone at 650.269.8315.