Security framework for smart cities need to consider the entire IT lifecycle

Why security and trust must be built-in throughout the entire lifecycle of technology deployment?

Gartner estimates that more than 20 billion devices are set to be connected to the internet by 2020. From consumer devices, power grids, to infrastructure, the hyper-connectivity, intelligence, and interoperability of cities are key drivers of smart city development. Yet, these elements are also expanding the exposure of our attack surfaces—also growing at an exponential and alarming rate. 

Data breach incidents in India had been increasing day by day in India. Around 36 per cent of small businesses have been victims of data breaches in 2019. While data breaches threaten small companies with painful consequences, the survey by cybersecurity firm Kaspersky revealed that security measures taken by them to prevent such incidents are often insufficient.

But this data breach can be restricted by choosing the right security product, thereby protect themselves both from malware and human factor risks.

Security that accounts for the lifecycle of technology powering smart cities

The intricacies of cybersecurity is compounded by the diversity of security concerns. In fact, the number of intrusions occurring across the lifecycle of the entire technology stack can be mind-boggling. While 48 percent of breaches originate from human error, end-to-end security is frequently tackled in piecemeal fashion, with organizations today spending more than 1,100 hours a week managing and containing insecure endpoints. This is time that could have been invested on innovation and value.

Instead, organizations and cities that are concerned with cyber threats should approach security around four key areas—device, identity, online, data—to ensure all active technology entering your organization is deemed safe and secure end-to-end. 

Device security

With cybercriminals increasingly targeting the supply chain to introduce vulnerabilities into devices during manufacturing and prior to delivery, it becomes essential that organizations choose the right partners to provide devices secured right from the first layer of supply chain. This approach effectively embraces the entire IT lifecycle, from system design to supply chain vendor best practices, to continuous services that help organizations close exposures and recover from breaches, right down to the safe disposal of equipment. 

In the supply chain, for instance, having a rigorous, trackable, and auditable security set of standards helps organizations arrive at strong security fundamentals, so they spend less time on time-consuming issues such as patches, and prioritize their time to drive innovation and growth. 

Identity security

With more than 81 percent of data breaches involving weak, stolen, or even default passwords, the authentication of user identity stands as one of the top concerns organizations have, no matter how smart the city. Increasingly, an optimal way to address this is to ensure enterprise users have the ability to seamlessly secure their devices through biometric features they are already used to on their mobile phones, and having hardware features like Match On Chip (MOC) fingerprint readers and FIDO (Fast Identity Online) Alliance standards for added advantage to secure work devices. 

Online security

In addition to including FIDO-enabled hardware, the use of Virtual Private Networks (VPN) can help users mitigate threats when they are not certain if they are connected to safe wireless networks. This is a crucial factor with the younger, mobility-focused talent pool entering the workforce, as well as the increasing number of mobile and gig economy workers across Asia Pacific. Organizations in the region can expect to see increased exposure due to the proliferation of devices and user profile types.

Data security

Data theft can happen in scenarios as simple as a standing meeting with colleagues, or a birthday celebration in the office. Computer screens, left unattended, means that someone else is able to access data not meant for their eyes when we least expect it. Shielding data in the new age requires an all-encompassing and scalable security solution to stay ahead of criminals in the cyberspace. 

While there is no one-size-fits-all approach, when it comes to safeguarding cities, how and what we procure from a hardware, software, and services perspective intrinsically inform our security posture.  

In close, Asia Pacific can breathe easier when its technology adoption is supported not just by innovation, but processes and partnerships that allow for the constant calibration through the lifecycle of technology. Finding the right technology partner that takes this approach towards security innovation, rather than a piecemeal one will ultimately help organizations align to the smart city agenda across the region.

Disclaimer: The views expressed in the article above are those of the authors' and do not necessarily represent or reflect the views of this publishing house