Earlier this year, Ubiquiti, a Silicon Valley-based IoT device maker, disclosed that it had been hacked. Customer account credentials were exposed, which allowed hackers to gain full access to all application logs, databases, user database credentials, and information required to forge single sign-on (SSO) cookies. This level of access would allow the attackers to remotely authenticate to countless Ubiquiti cloud-based devices, putting customers’ devices, such as routers, network video recorders, and security cameras, deployed in corporations and homes around the world at risk.
At Sensative we fully agree that ZeroTrust is the only way forward for IoT. But, this is way more difficult than for “normal IT”. IoT is not one network technology, it is often not even IP-based. So, the common solutions for ZeroTrust IT are not applicable to IoT mixed environments.
We are not only talking about it. We have solutions for ZeroTrust in IoT.
Our Yggio platform for any IoT technology is designed for ZeroTrust. But, many technologies are not designed for security; it is often something that is just added as a (shaky) feature on top. This is especially true if you consider a mixed environment with handover between different technologies and protocols.
Data and actions must be protected end-to-end, from device to user, disregarding communication technologies, standards, and protocols. And, it must work on very small and highly constrained devices. This is why Sensative is one of the participants in the EU financed Critisec project, among other initiatives.
It is not enough if we support ZeroTrust in our products. We understand that our customers will have a mix of suppliers, so we must enable them to choose freely but still secure their operations.