ZARIOT Interview: Best Practices to Safeguard Your IoT Project

As more processes become digitized, there are increasing opportunities for bad actors to cause harm. Individuals need to recognize the importance of IoT security, both for their personal data and their company’s data. I’ve outlined some best practices to consider when developing IoT projects below, to help you keep both your own and your company’s data and assets safe from potential threats.

Availability & Visibility

The basic requirement for every IoT product suite is the continuous availability and visibility of data. Updates on device health and users are key components of effective cybersecurity and monitoring. They allow you to deal with rogue or compromised devices immediately, before they affect other system components. Visibility also ensures that older devices can be removed before they become ghost devices (old, unused, or hidden devices), which can pose significant security risks.

The main problem with out-of-date software and legacy hardware associated with ghost devices is that once they pass their end-of-life cycle, the vendor no longer maintains or supports the products, resulting in security vulnerabilities and risk to organizations.
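One way to turn that visibility into a routine check, as an added example that is not part of the original article: flag ghost devices from an inventory export by combining how recently each device reported with its vendor support date. The field names, the 30-day staleness threshold and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory; field names are assumptions, not a real product's schema.
INVENTORY = [
    {"id": "charger-001", "last_seen": "2024-05-30T08:00:00+00:00", "support_ends": "2027-01-01"},
    {"id": "sensor-117", "last_seen": "2024-02-11T21:14:00+00:00", "support_ends": "2026-06-30"},
    {"id": "gateway-2g-04", "last_seen": "2024-05-31T23:50:00+00:00", "support_ends": "2023-12-31"},
    {"id": "meter-legacy-9", "last_seen": None, "support_ends": "2022-03-31"},
]


def classify(device, now, stale_after=timedelta(days=30)):
    """Return the findings for one inventory record (empty list means healthy)."""
    findings = []
    last_seen = device.get("last_seen")
    if last_seen is None:
        # Registered in the inventory but has never sent a health update.
        findings.append("never-reported")
    elif now - datetime.fromisoformat(last_seen) > stale_after:
        # Silent for longer than the threshold: candidate ghost device.
        findings.append("stale")
    # Support dates are date-only strings; treat them as midnight UTC.
    support_ends = datetime.fromisoformat(device["support_ends"]).replace(tzinfo=timezone.utc)
    if support_ends < now:
        # Vendor no longer patches this device.
        findings.append("end-of-life")
    return findings


def ghost_report(inventory, now):
    """Map device id -> findings, listing only devices that need attention."""
    return {d["id"]: f for d in inventory if (f := classify(d, now))}


if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed date so the output is reproducible
    for dev, findings in ghost_report(INVENTORY, now).items():
        print(dev, ",".join(findings))
```

Devices flagged as both silent and end-of-life are the first candidates for decommissioning or network isolation.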


Beyond 24/7 transmissibility, data reliability and verification of devices in both directions are also vital. In the age of Artificial Intelligence (AI) and Machine Learning (ML), there is rising concern surrounding the authenticity of data. Sophisticated hackers are able to impersonate and tamper with data, potentially causing cascading failure across your enterprise.

To maintain airtight IoT security, you need a reliable computing base that functions as the root of trust and is tamper-proof. A root of trust holds your cryptographic keys and secures communication with the network and other channels, making it intrinsically secure. Cryptographic keys are also randomized and unique across different devices. If one device is compromised, all other devices will still remain safe.


One way to verify service integrity is implementing security by design, where products and capabilities are designed from the get-go to be foundationally secure. Security is also a continual process, requiring you to patch and update systems as technology evolves.

Should a cyberattack occur, it is just as important to understand how your business is going to respond and recover. It is natural to focus on technology and systems, but recovery should extend to your customers. That’s why creating a plan is so important. You want to make sure you can respond quickly and have the right outcomes for your business priorities.


The EU’s expanding General Data Privacy Regulation (GDPR) and the California Consumer Privacy Act (CCPA) in the United States are just the tip of the iceberg surrounding a slew of upcoming global data privacy and cybersecurity regulations.

You may be subject to varying levels of privacy and IoT security regulations if devices are deployed across different countries or regions. Non-compliance may result in hefty penalties and sanctions. It is essential to pick an ecosystem partner that can help you navigate the complex data privacy and cybersecurity landscape.


Long-term planning for an IoT project can be like looking into a crystal ball, attempting to anticipate unexpected events. Even so, be mindful of the life cycle surrounding all your technologies. For instance, there’s the danger of 2G sunsetting, rendering devices that are reliant on the technology completely obsolete.


The added benefit to this is that your IoT solution should also be flexible and customizable throughout the entire life cycle of the device. Imagine facing a sudden influx of data during peak EV charging times, or having to ship your EV chargers to different countries around the world. Your connectivity solutions should be able to connect seamlessly and transmit securely, regardless of where your deployment is.

Ignoring IoT security is no longer an option. The stakes are too high, with personal data and company assets at risk. By implementing the best practices outlined above, you can help ensure the safety and longevity of your IoT devices and projects. Don’t wait until it’s too late; prioritize IoT security today.

Managing Partner at Identity Praxis, Inc.

Michael Becker is an internationally recognized identity & personal information management solutions strategic advisor, speaker, entrepreneur, and academic. He advises companies on personal information economy business strategy, product development, business development, and sales & marketing strategies. He also represents them at leading trade groups, including the Mobile Ecosystem Forum. Michael is an advisor to Assurant, Predii, Privowny, and Phoji. He is the co-author of Mobile Marketing for Dummies and a number of other books and articles related to mobile marketing, identity, and personal information management. He is on the faculty of marketing of the Association of National Advertisers and National University. A serial entrepreneur, Michael founded Identity Praxis, co-founded mCordis and The Connected Marketer Institute, was a founding member of the Mobile Marketing Association (MMA), and was on the MMA board of directors for ten years and was MMA’s North American Managing Director for three years. In 2004, Michael co-founded iLoop Mobile, a leading messaging solutions provider. In 2014, Michael was awarded the 2014 Marketing EDGE Edward Mayer Education Leadership Award for his commitment to marketing education.
