How IoT changes your threat model: 4 key considerations
Similarly, when employees and executives interact as a group or individually with technologies like voice-activated virtual assistants, data confidentiality and privacy can become important concerns, says Dan Cornell, CTO at the Denim Group.
Conversations that happen in conference rooms or in an executive office can involve privileged and protected information that are sent to the device manufacturer’s cloud, Cornell says. Considerations like whether confidential data is stored locally or in the cloud, where the data travels and how traceable it is, all become vital to understanding and mitigating the threat, he says.
Securely sending data over IoT systems is another challenge, because a high percentage of the traffic is not encrypted. Organizations also can underestimate the risk around device identification and authentication, provisioning and maintenance without formal threat modeling, Cornell says.
About Denim Group
Denim Group is the leading secure software development firm, serving as a trusted advisor to customers on matters of software risk and security. The company builds software for the most security conscious while helping organizations assess and mitigate risk within their existing software. Denim Group's flagship ThreadFix product accelerates the process of software vulnerability remediation, reflecting the company's rich understanding of what it takes to fix application vulnerabilities faster. Denim Group has emerged as a strong contributor to the larger application security community and has actively participated in the Open Web Application Security Project (OWASP) since shortly after its inception.
Among many other awards, Denim Group has landed on the "Inc. 5000" list - which recognizes the country's 5000 fastest-growing private companies - for five years in a row. In addition, the San Antonio Business Journal named Denim Group as one of the "Best Places to Work" in the city.
Denim Group is a registered service mark of Denim Group, Ltd.
Other names and brands may be claimed as the property of others.