The Security of the Internet of Things is not about the Things
There is no real way to make a computing device really secure. It’s arguable therefore that a modern approach to security should be all about defence in depth, rather than any one individual security measure that would make a thing magically secure. Security is therefore about avoiding mistakes, rather than making them. About seeing the path ahead.
Every layer of security helps, at least if is implemented in a realistic way with realistic expectations. However, it’s arguable that on their own most security measures don’t help all that much. So security is aways going to be an accumulation of measures, rather than the individual measures you take.
“Security is therefore about avoiding mistakes, rather than making them.”
If everything is hackable, and it is, and anyone that tells you otherwise is trying to sell you something, then what you need to turn things on their head. Don’t think about security, think about risk. There is really only two questions you should ask about the security of a thing, and that is “…what is the risk that this device will be compromised?” and then “…if it is compromised, what are the consequences?” Your approach to security should always be about the risk, the consequences, if you fail. Because at some point you…
