6 Layers of Security Your IoT Setup Needs

By Bernhard Mehl
August 2, 2018
The World of IoT

Just a decade ago, internet connectivity was limited mainly to computers and laptops at home and in the office. The introduction of affordable smartphones and the rapid proliferation of social media changed the way people communicated with each other. Soon, however, real-time communication started to take over industrial and household devices, ushering in a new era of the Internet of Things, or IoT.

Sadly, this ease of communication came at a price. The risk of data and identity theft also increased. In 2017, the number of data breaches in the United States alone amounted to 1,579, with close to 179 million records exposed.

[Figure: Data breaches in the US.]

The increasing frequency of cyber attacks has become the number one concern globally. Even if you aren’t directly affected by a cyber attack, your IoT devices may be helping cybercriminals without your knowledge. To prevent identity theft, you must keep your IoT network as secure as possible. But IoT security is a tricky business that requires a multi-layered security approach.

Here is a list of six security layers to strengthen your IoT setup.

1. Network Security

Historically, network security was the domain of well-trained experts. However, you also need to understand the basics of network security as you are the administrator of your home IoT network. The first thing you need to remember is not to rush through your IoT setup as it may lead to numerous security problems later. So, be patient. Set up and secure one device at a time.

Unfortunately, most IoT networks are wireless. Securing a wireless network can be a bit challenging as there are several different communication protocols, standards, and device capabilities. However, one of the easiest ways to protect a network is to change the default usernames and passwords of the broadband router or another wireless access point.

This access point device usually comes with an embedded server or webpage. As the administrator, you can change the username and password here to keep your network secure. You should also change the default Service Set Identifier (SSID). A default SSID often indicates a poorly configured network, increasing the chances of an attack.

2. Authentication

The authentication process keeps unauthorized persons from gaining access to your network while allowing you (the administrator) to access the resources you need. You will need to consider different factors to set up the necessary authentication rules. For example, you may want to allow multiple users to access a particular device such as your microwave, Wi-Fi, or TV. They may also want to set different parameters according to their needs.

Simple authentication gives users a username and a password to access a particular device. However, you can also use advanced methods such as two-factor authentication and biometrics. With two-factor authentication, after entering a username and password, users receive a One-Time Password (OTP) via e-mail or SMS. Alternatively, you can also use digital signatures, a Personal Identification Number (PIN), or a smart card. Multilayered authentication adds extra protection. Hence, it is preferred in high-security environments.
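The OTP step described above, sketched as an added example that is not code from the original article: the server issues a short-lived code after the password check, stores only a salted hash, and accepts it once. The five-minute lifetime, the three-guess limit and the in-memory store are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 300   # assumed validity window
MAX_ATTEMPTS = 3        # assumed guess limit per issued code

_pending = {}  # username -> {"digest", "salt", "expires", "attempts"}


def _digest(code, salt):
    # Store only a salted hash so a leaked table does not reveal live codes.
    return hashlib.sha256(salt + code.encode()).digest()


def issue_otp(username, now=None):
    """Create a 6-digit code once the password check has succeeded.
    The caller delivers the returned code by e-mail or SMS."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not the random module
    salt = secrets.token_bytes(16)
    _pending[username] = {"digest": _digest(code, salt), "salt": salt,
                          "expires": now + OTP_TTL_SECONDS, "attempts": 0}
    return code


def verify_otp(username, code, now=None):
    """Return True only for a fresh, unused code within the guess limit."""
    now = time.time() if now is None else now
    entry = _pending.get(username)
    if entry is None:
        return False
    if now > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[username]        # expired or locked out: must re-issue
        return False
    entry["attempts"] += 1
    ok = hmac.compare_digest(entry["digest"], _digest(code, entry["salt"]))
    if ok:
        del _pending[username]        # one-time: the same code cannot be reused
    return ok
```
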

3. Encryption

Security of moving and stored data is also a crucial part of overall IoT security. Hackers have been known to sniff data in transit to gain illicit access to IoT networks. Unfortunately, the variety of connected devices makes it difficult to find a one-size-fits-all solution.

Most Wi-Fi home networks support encryption technologies such as WPA and WPA2 among others. However, they are not the strongest encryption algorithms out there. The key length or the number of bits in the encryption key determines the success of network encryption. Encryption keys have a predetermined lifecycle. So, they become worthless after the desired period of usage. Thus, encrypting IoT data also requires efficient encryption key lifecycle management.

4. Cloud

Cloud is one of the primary sources of potential cyber threats looming over your IoT network. Cloud often refers to the software environment of the IoT setup connecting the smart devices and a central hub where data is analyzed and stored. In other words, it is the big data that requires protection against cyber attacks.

The most critical security components of the cloud include stored data, platform, and application integrity verification. By default, your service provider is the first line of defense against cloud-based data breaches. They are supposed to provide you with a secure cloud environment. So, choose your cloud service provider carefully, preferably one that uses advanced security practices and controls.

5. Device Lifecycle Management

Often overlooked, device lifecycle management involves keeping all your IoT devices and systems updated regularly. The best way to ensure everything including operating systems, firmware, and application software remains up-to-date is to turn on automatic updates.

Cyber attackers continually change their tactics to find new ways to invade secured IoT networks. Most device manufacturers and cloud service providers create security patches to deal with them. So, make sure the security patches are installed correctly. Follow the required security protocols when adding new devices to the network, decommissioning end-of-life devices, and integrating your network with a new cloud system.

6. Interface or API Protection

Usually, an application programming interface or API is used to access the devices connected to the IoT setup. API security is critical to ensure that only authorized devices, developers, and apps are communicating with each other. In other words, it maintains the integrity of the data.

You can use a comprehensive API management tool. Most tools can automate connections between an API and the applications. They can also ensure consistency if you are using different variants of API. They can improve performance by managing the memory and caching mechanism as well. Just make sure to select a tool that suits your IoT network requirements.
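One way an API can check that a request comes from an authorized device and has not been altered, shown as an added example that is not from the original article or from any particular API management tool. It assumes a per-device shared secret and HMAC-SHA256 request signing; the device name, key and 60-second clock tolerance are constructed for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 60      # assumed tolerance for device clock drift

# Constructed sample registry: device id -> per-device secret (hypothetical).
DEVICE_KEYS = {"thermostat-01": b"constructed-sample-key-not-for-real-use"}
_seen_nonces = set()       # accepted (device_id, nonce) pairs; prune by age in practice


def _mac(key, device_id, timestamp, nonce, body):
    # Bind identity, time, nonce and payload together under the device key.
    msg = b"\n".join([device_id.encode(), str(timestamp).encode(),
                      nonce.encode(), body])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_request(device_id, key, payload, timestamp, nonce):
    """Device side: serialize the payload and attach an HMAC over it."""
    body = json.dumps(payload, sort_keys=True).encode()
    return {"device_id": device_id, "timestamp": timestamp, "nonce": nonce,
            "body": body, "mac": _mac(key, device_id, timestamp, nonce, body)}


def verify_request(req, now):
    """API side: return the payload if the request is authentic, else None."""
    key = DEVICE_KEYS.get(req["device_id"])
    if key is None:
        return None                               # unknown device
    if abs(now - req["timestamp"]) > MAX_SKEW_SECONDS:
        return None                               # stale or future-dated
    expected = _mac(key, req["device_id"], req["timestamp"],
                    req["nonce"], req["body"])
    if not hmac.compare_digest(expected, req["mac"]):
        return None                               # altered body or wrong key
    if (req["device_id"], req["nonce"]) in _seen_nonces:
        return None                               # replay of a valid request
    _seen_nonces.add((req["device_id"], req["nonce"]))
    return json.loads(req["body"])
```
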

Over to You

The rapid growth of IoT networks has made our lives easier. But, it has also increased the risk of data and identity theft significantly. Sadly, securing an IoT setup is easier said than done owing to its complex structure with a multitude of devices. Hopefully, the six layers of security mentioned above will help you keep it secure from cyber threats. Do you have an IoT setup at home? What security measures did you implement? Share your experiences and thoughts in the comments.


Phone-based systems are not just a small-business solution. CEO of Kisi, Bernhard Mehl, comments: “If you see the average of three doors connected then that might seem low but, in reality, one door relates to around 50 employees—so those are locations with about 150 people on average, including satellite offices. That’s quite significant.”

Mobile Access Control Adoption by Industry

Kisi examined which industries are investing the most in mobile access control technology. To do so, the average size of mobile access control installation projects by industry was measured. Commercial real estate topped the list with 23.5 doors running mobile access per facility. Education management came in last with 1.0 door running mobile access per facility.

Physical Security Statistics: Mobile Access by Industry

The number of shooting incidents at K-12 schools, according to the CHDS, reached an all-time high at 97 incidents in 2018—compared to 44 in 2017. Cloud-based access control companies, like Kisi, offer a lockdown feature for active shooter situations or emergencies, making it an effective protective layer for places that are targeted, such as religious institutions, which come in near the top of the list with 4.0 doors running mobile access per facility. 

Based on industry size, it makes sense that commercial real estate tops the list, with 23.5 doors running mobile access per facility. Cloud-based access control enables these larger organizations to scale more seamlessly and allows large organizations, like telecommunications, to deploy the most manageable IT solutions available, eliminating the need to create and manage a business’s own IT infrastructure over time.

“Commercial real estate is, of course, the driver of mobile adoption since they have the largest buildings,” Mehl adds. “The key here is to show that mobile-first technologies are not a risk but an innovation that brings positive ROI and allows agencies to reposition their buildings as forward-thinking establishments.”

The scalability and ease of use in onboarding an organization allow many different types of industries and businesses of different sizes to adopt a cloud-based access control system, using either keycard or mobile credentials for access.

Mobile Access Control by State

Looking specifically at the United States, Kisi analyzed in which states companies are investing the most into upgrading to smartphone-enabled access systems. Of the currently installed base of access control readers, around 20 percent will be mobile capable by 2022, according to a recent IHS report. Cloud-based systems, like Kisi, are future-proof—allowing over-the-air updates in real time and unlimited scalability for users.

“Mobile unlock technology makes you think of the major tech hubs like New York, San Francisco or Los Angeles,” Mehl adds. “Looking at which states have the largest projects, it’s surprising and refreshing that those are not the typical ‘tech cities,’ and yet that’s where access control technology really makes an impact.” The fact that the largest projects are seen in states outside of the typical tech startup landscape is evidence that mobile access control is highly applicable across industry sectors.

For further questions about this study, reach out to Kait Hobson (kait@getkisi.com)

Bernhard Mehl

Bernhard is the co-founder and CEO of Kisi. His philosophy, "security is awesome," is contagious among tech-enabled companies.
