ioXt Alliance is Making Device Security Transparent

 
Screen Shot 2020-09-04 at 11.34.21 AM.png

The ioXt Alliance SmartCert Label Gives Consumers Confidence by Making Device Security Transparent

At this point in the IoT era, most device users realize increased speed and connectivity bring increased risk: more connection means more privacy threats.  

But someone’s looking out for consumers, right? 

In fact, someone is. That someone is ioXt, the Global Standard for IoT Security. 

Arguably, the biggest challenge facing the security, privacy, and safety of the IoT is the lack of transparency regarding the security and privacy “ingredients” of connected devices. Product security content is not just about security functionality, such as authentication and encryption. It’s also about the product security development lifecycle, including regular security updates and a security support commitment—which has an enormous impact on consumer safety. 

Consumers need to be able to make informed decisions to protect their digital health and well-being. But how? Unfortunately, in the digital security world, hyperbolic and misleading claims of security are common. Or they’re not even mentioned, since there are no standardized compliance programs for consumer product security.

For example, what should the security requirements be for a webcam? Or a router, car, or smart light bulb? How can consumers, enterprises, regulators, and retailers be assured that the product is achieving a reasonable level of security and privacy quality? 

In the product security world, the answer is usually determined via threat modeling and the derivation of security objectives that can counter the identified threats. But threat modeling requires deep security expertise and knowledge of the product and its intended environment. These are things the average consumer can’t really tackle.

Nor should they have to. 

To solve the problem of defining the right set of requirements for device manufacturers in the fast-moving IoT world, security experts, tech companies, retailers, and other organizations banded together. They defined a baseline set of device security requirements that would enable manufacturers to make their offerings secure by design and rapidly improve device security and privacy. 

Organizations that share responsibility for product quality (regulators, retailers, and platform owners) can rapidly assess the security and privacy quality of their suppliers and partners. Consumers can make more informed purchasing decisions that help them stay safe. 

The baseline gaining the most international investment and attention? The Internet of Secure Things (ioXt) Alliance’s Pledge.

With the SmartCert label, developed and provided by the industry-led ioXt Alliance, consumers can confirm the devices they’re using are ioXt certified. In short, the SmartCert provides visibility to the consumer about the security of the devices they are buying and putting into their homes.  

For the consumer, an ioXt SmartCert QR code on a device’s packaging means it’s easy to know if the device satisfies all eight principles of the ioXt Security Pledge, which drive security, upgradability and transparency.   

How does it work? The ioXt SmartCert is a QR code updated in real time. This means it routes directly to the device portal page and shows if the device is currently “ioXt certified” or not. The SmartCert provides a simple and direct message: namely, that the device is secured for use. There are no colors, numbers, or other labels that need interpretation.  

Says ioXt CTO Brad Ree, “Devices receive the ioXt SmartCert after meeting or exceeding the requirements in its designated product category.” In this way, ioXt Certification is a living, continuous process that improves and helps maintain security throughout a device’s lifetime. 

Knowing a device that connects to everything in your life is secure—or not—is worth a lot. 

Conclusion

The Certification Program was born of the tremendous need for device security in the IoT era. With the creation of the SmartCert label, everyone can breathe easier. Consumers know the device is safe. 

As Ree sums it up, “While consumers have long called for better device security and privacy protections, we understand that retailers are now putting tremendous pressure on consumer tech to ensure the IoT products they put on their shelves are secure. With significant revenue on the line, companies are recognizing the need to provide transparency and assurance to those using or selling their products.”

Which makes the ioXt SmartCert an incredible value to everyone who’s looking for a smart way to connect—and to help build an internet of secure things.