

New IoT rules are being written. Are you prepared?
The Internet of Things (IoT) has already reshaped the world as we know it, but risks abound in maintaining privacy. With consumer protection as the end goal, government authorities around the world are leading the charge to regulate the IoT, and the regulatory pipeline at the state, federal and global level is chock full of IoT security bills designed to hold product manufacturers accountable for consumer device security.
This wave of new IoT regulations is prompting manufacturers to consider ways to enhance their device security programs, even as other, even more powerful, incentives also drive transformation. After all, making safe and secure consumer products is what will enable tomorrow’s manufacturers to build customer trust, gain competitive edge and grow market share.
So how can manufacturers reinvent product security for the evolving and expanding IoT ecosystem?
[Interactive map: Snapshot of recent industry-specific regulatory activities]
KPMG researchers examined the current global regulatory landscape to identify 8 focal areas of IoT rules. These focal areas help define the basic blocks of future IoT product security programs that not only meet regulatory requirements, but also protect consumers, earn trust and enhance the long-term value of IoT products.
Put effective governance in place to shape the direction of the program, promote standardization and consistency, and monitor regulatory risks on an ongoing basis.
Understand the risks connected devices present to their own operations and assets as well as their key stakeholders, including consumers.
Manufacturers are accountable for the security posture of third parties involved in their operations. Unique to the IoT device lifecycle, this includes oversight of software vendors that continue to interact with devices after they are delivered into consumer hands.
Manufacturers are expected to incorporate secure development lifecycle (SDL) techniques into the design and production of connected devices.
Manufacturers are responsible for ensuring secure default configurations are preset into IoT devices and for controlling who can make changes to configurations and what kind of changes can be made.
Embrace software security best practices to ensure use of connected devices is limited to authorized people, processes and devices.
Manufacturers are held responsible for implementing reasonable methods to protect data that is generated, stored and transmitted to connected devices, and for ensuring the availability, confidentiality and integrity of data needed to deliver post-market IoT services.
Actively and continually monitor, identify and fix security problems in IoT devices, including those in production and in operation.
Nick Naddaf
Manager, Emerging Technologies, KPMG LLP