What should you pay attention to when purchasing an IoT portal? Usually, when doing research for the best IoT portal, you look for a combination of the best features. However, security should not be forgotten. You can have a great solution, but if it’s not secure enough and you fall victim to a cyber attack, you have nothing but misery.
An IoT portal should include at least these features to be considered properly secured:
1. Strong password requirements
Ensure the IoT portal has strong password requirements, so users can only create secure passwords. The best password should at least consist of 12 characters. A good alternative to a password is a passphrase, which is longer than a traditional password, easy to remember and difficult to crack. If you have a weak password unwanted users can log into your account with automated log in scripts.
2. Two factor authentication
With two factor authentication you first log in with your username and password. Then a personal code is generated to another device, like your smartphone, to ensure that you’re the only one that can log into your account. Ensure it allows for backup methods, so you can receive an email with backup codes, or if there’s a company admin who can switch the authentication to another device.
3. Low or no user license costs
Every user should have his own account. Don’t go with a portal that has high user license costs, because this causes users to share their accounts, which means you don’t have any control of what happens in the portal and sometimes you are not even able to log in simultaneously. Sharing accounts means everyone is an admin and the password is lying around in 20 different places, which is asking for trouble. When someone decides to change the password, nobody can log in anymore. Also the audit trail becomes confusing, because you only see that the admin has made changes and you don’t know who’s behind every action.
4. Event log
Check whether the IoT portal has an event log or audit trail. When everyone has separate accounts, you can see who’s logged in and what everyone is doing. See who made which changes and who had access to certain machines. This allows you, in the event of a malfunction or error, to find out what caused the problem and who was responsible.
5. Advanced user management
The IoT portal should have extensive user management which allows you to set and restrict user permissions. Define who gets access to what, and what each user can see, do or adjust. This prevents users from accidentally changing important settings or accessing data or machines that they don’t need access to. Some IoT portals even allow you to assign machine specific access to users which lets the admin decide what machine is accessible to whom.
6. Session management
When the IoT portal features session management, a session is created when someone logs in. The admin can see which sessions are open and from what location, browser, device or IP address. He can withdraw the session if it lasts too long or if there’s an indication that something is not right.
Choosing the right IoT portal
In addition to these features, you should choose an IoT portal with management commitment, which ensures that security is a priority throughout the organisation. Determine whether this is the case by checking if they have the right certifications and if they are transparent about security.
Does your current IoT portal include all must-have security features? Then you have chosen the right one, and less to worry about in terms of security. Does your IoT portal lack these features or are you still looking for a good solution? Ask multiple IoT providers about their security features and bring this checklist to see whether these features are included.