IoT device manufacturers and service companies associated are now forced to (re-)evaluate securityduring all phases of their products’ life cycle.
The massive proliferation of Internet-connected objects associated with an increasing number of attacks targeting them and increasing applicable regulations (Cyber Resilience Act, NIS 2, ETSI EN34343, IoT Consumer…) lead to highly consider security of devices and protection of intellectual property as major concerns for already deployed devices or future developments.
Best security practices consist in reinforcing the level of security during the design of your product or when you are selecting your suppliers. Protecting sensitive data of your users very often come up against strong operational and financial constraints amplified by factual difficulties to master security on the whole IoT value chain (application, cloud, hardware, firmware).
Managing and auditing your already deployed products (or your subcontractors) can also be deemed very complex and require outsourcing security analysis to neutral and specialized experts (for reverse engineering, cryptography, methodology, tools…).