3.1.7. Encrypt Device Data¶
ID | Priority | Best Practice |
---|---|---|
BP 3.1.7.1 | Required | Use encryption to protect IoT data in transit and at rest |
BP 3.1.7.2 | Highly Recommended | Use data classification strategies to categorize data access based on levels of sensitivity |
BP 3.1.7.3 | Recommended | Protect your IoT data in compliance with regulatory requirements |
Architecture Notes - BP 3.1.7.1 - Use encryption to protect IoT data in transit and at rest¶
For data at rest, the Storage Networking Industry Association (SNIA) defines storage security as “Technical controls, which may include integrity, confidentiality and availability controls that protect storage resources and data from unauthorized users and uses.” Thus, it’s required to protect the confidentiality of sensitive data, such as the device identity, secrets, or user data, by encrypting it at rest. For data in transit, use a secure transport mechanism such as TLS to protect the confidentiality and integrity of all data transmitted to and from your devices.
Recommendation 3.1.7.1.1 - Require the use of device SDKs or client libraries for the device to communicate to cloud
Configure the IoT devices to communicate only over TLS to cloud endpoints. For example, use AWS IoT Greengrass or Amazon FreeRTOS SDKs to secure connectivity from your devices to AWS IoT Core over TLS 1.2. See AWS IoT Core Developer Guide’s Transport security in AWS IoT.
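The following is an added example, not code from this guide or from the AWS device SDKs, showing what "communicate only over TLS" has to mean on the device side: a pinned root CA, server name verification, a TLS 1.2 floor, and the device's own X.509 certificate for mutual TLS, plus an audit function that flags the usual shortcuts (`InsecureSkipVerify`, no client certificate, no minimum version). The ALPN name for port 443 is taken from the AWS IoT Core developer guide rather than from this page, the endpoint name is a placeholder, and the self-signed certificate is constructed only so the example runs offline; a real device presents a certificate issued by your PKI and registered with AWS IoT.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// DeviceTLSConfig builds the client TLS configuration a device uses to reach an
// AWS IoT Core endpoint: TLS 1.2 or later, the root CA pinned, the endpoint name
// verified, and the device's X.509 certificate presented for mutual TLS.
func DeviceTLSConfig(caPEM, certPEM, keyPEM []byte, endpoint string, port int) (*tls.Config, error) {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no CA certificate could be parsed from caPEM")
	}
	cert, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return nil, fmt.Errorf("device certificate/key: %w", err)
	}
	cfg := &tls.Config{
		MinVersion:   tls.VersionTLS12, // refuse TLS 1.0/1.1 even if the library default changes
		RootCAs:      roots,            // trust only the pinned root, not the OS store
		ServerName:   endpoint,         // hostname verification against the server certificate
		Certificates: []tls.Certificate{cert},
	}
	// Assumption taken from the AWS IoT Core developer guide, not from this page:
	// MQTT over port 443 needs the ALPN protocol name "x-amzn-mqtt-ca"; port 8883 does not.
	if port == 443 {
		cfg.NextProtos = []string{"x-amzn-mqtt-ca"}
	}
	return cfg, nil
}

// AuditTLSConfig lists the ways a client configuration would violate BP 3.1.7.1.
// An empty result passes. MinVersion 0 means "library default", treated as not pinned.
func AuditTLSConfig(cfg *tls.Config) []string {
	var findings []string
	if cfg.InsecureSkipVerify {
		findings = append(findings, "server certificate verification is disabled")
	}
	if cfg.MinVersion < tls.VersionTLS12 {
		findings = append(findings, "minimum TLS version is not pinned to 1.2 or later")
	}
	if len(cfg.Certificates) == 0 && cfg.GetClientCertificate == nil {
		findings = append(findings, "no device certificate configured for mutual TLS")
	}
	if cfg.ServerName == "" {
		findings = append(findings, "ServerName is empty, so the endpoint name is not verified")
	}
	return findings
}

// SelfSignedDevicePEM makes a throwaway EC key and self-signed certificate so the
// example runs offline. Constructed for this example only.
func SelfSignedDevicePEM(cn string) (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

func main() {
	certPEM, keyPEM, err := SelfSignedDevicePEM("device-0001")
	if err != nil {
		panic(err)
	}
	// Placeholder endpoint; a real one comes from `aws iot describe-endpoint`.
	// The device cert doubles as the "root CA" only because this runs offline.
	endpoint := "example-ats.iot.us-east-1.amazonaws.com"
	good, err := DeviceTLSConfig(certPEM, certPEM, keyPEM, endpoint, 8883)
	if err != nil {
		panic(err)
	}
	fmt.Println("hardened config findings:", AuditTLSConfig(good))
	weak := &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS10}
	fmt.Println("weak config findings:", AuditTLSConfig(weak))
}
```

With a real certificate and endpoint, the session is opened with `tls.Dial("tcp", endpoint+":8883", cfg)` and the MQTT client is layered on the returned connection. Note that the audit treats an unset `MinVersion` as a finding on purpose: relying on the library default means the floor silently depends on the Go version the firmware was built with.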
Recommendation 3.1.7.1.2 - Encrypt data at rest or secrets on IoT devices
As explained earlier in section 2.3.3, take advantage of the encryption utilities provided by the host operating system to encrypt data stored at rest in the local filesystem. In addition, take advantage of Secure Elements and TPMs to protect the keys and secrets that the encryption depends on; TEEs can add storage protections as well.
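Filesystem-level encryption from the host OS covers bulk data; individual secrets such as the device's private key or a Wi-Fi passphrase are usually also wrapped one at a time so they can be handed out to a single process. The following is an added example, not from this guide or any AWS SDK, of such a wrapper in Go using AES-256-GCM from the standard library. It assumes the 32-byte key is released by the device's Secure Element or TPM (the demo generates one at random, which is labelled as such), and it shows the two checks a practitioner cares about: any modification of the stored blob is rejected before plaintext is returned, and a blob sealed for one purpose cannot be copied into another slot because the purpose is bound as additional authenticated data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// SealSecret encrypts one secret with AES-256-GCM and returns nonce || ciphertext || tag.
// The 32-byte key must come from a device-unique root (Secure Element, TPM-sealed
// blob, OS key store) and is never stored next to the output. The context string is
// bound as additional authenticated data, so a blob sealed as "wifi-psk" cannot be
// copied over the "cloud-identity" slot without detection.
func SealSecret(key, plaintext []byte, context string) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { // fresh random nonce per write
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, []byte(context)), nil
}

// OpenSecret reverses SealSecret. Any change to the blob, the key or the context fails
// authentication before a single plaintext byte is returned.
func OpenSecret(key, blob []byte, context string) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(blob) < n+aead.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	pt, err := aead.Open(nil, blob[:n], blob[n:], []byte(context))
	if err != nil {
		return nil, errors.New("authentication failed: blob modified, or wrong key or context")
	}
	return pt, nil
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, fmt.Errorf("AES-256 needs a 32-byte key, got %d bytes", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	// Constructed demo key. On a device this is released by the Secure Element or TPM
	// (for example only after boot measurements check out), never generated here.
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	blob, err := SealSecret(key, []byte("-----BEGIN EC PRIVATE KEY-----..."), "cloud-identity")
	if err != nil {
		panic(err)
	}
	if _, err := OpenSecret(key, blob, "wifi-psk"); err != nil {
		fmt.Println("context mismatch rejected:", err)
	}
	blob[len(blob)-1] ^= 0x01 // flip one bit of the GCM tag
	if _, err := OpenSecret(key, blob, "cloud-identity"); err != nil {
		fmt.Println("tampered blob rejected:", err)
	}
}
```

Two caveats worth keeping in mind: GCM with random 96-bit nonces should not be used for more than about 2^32 seal operations under one key, so rotate the wrapping key if a slot is rewritten that often, and the decrypted secret should live only in the memory of the process that needs it, not be written back to the filesystem in the clear.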
Recommendation 3.1.7.1.3 -
Architecture Notes - BP 3.1.7.2 - Use data classification strategies to categorize data access based on levels of sensitivity¶
Data classification and governance are the customer's responsibility.
- Identify and classify the data collected throughout your IoT workload by sensitivity, and record the business use case for each class.
- Identify and act on opportunities to stop collecting unused data, or to reduce data granularity and retention time.
- Consider a defense in depth approach and reduce human access to device data.
See the following for more details:
- AWS IoT Greengrass Developer Guide: Manage data streams on the AWS IoT Greengrass core
- The Internet of Things on AWS – Official Blog: Designing dataflows for multi-schema messages in AWS IoT Analytics
Recommendation 3.1.7.2.1 - Implement data classification strategies for all data stored on devices or in the cloud, as well as all data sent over the network. Process data based on the level of sensitivity (for example, highly classified, personally identifiable data, etc.)
Before architecting an IoT application, data classification, governance, and controls must be designed and documented to reflect how the data can be persisted on the edge or in the cloud, and how data should be encrypted throughout its lifecycle. For example:
- By using AWS IoT Greengrass stream manager, you can define policies for storage type, size, and data retention on a per-stream basis. For highly classified data, you can define a separate data stream.
- By using AWS IoT Analytics, you can create different workflows for storing classified data. For highly classified data, you can define a separate pipeline and data store.
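The stream manager and AWS IoT Analytics settings above decide how each stream or pipeline is stored; the device still has to decide which fields go into which stream. The following is an added example, not from this guide or from the Greengrass stream manager SDK, of that routing step in Go. It applies a per-field classification to one telemetry record, drops fields with no business use, sends a coarsened copy of location to the general stream while the full-precision value goes only to the restricted stream, and, as a fail-closed default, treats any field the policy does not mention as restricted. The policy, field names and record are constructed for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"math"
)

type Sensitivity int

const (
	Public     Sensitivity = iota // general stream, no access restriction needed
	Internal                      // general stream, access limited in the cloud
	Restricted                    // only the separate restricted stream
	NotNeeded                     // no business use: do not collect it at all
)

// Rule classifies one field. Decimals >= 0 allows a coarsened copy of a Restricted
// numeric field in the general stream (e.g. location rounded to 2 decimals).
type Rule struct {
	Class    Sensitivity
	Decimals int // -1 = never coarsen
}

type Policy map[string]Rule

// Split routes one telemetry record into the payload for the general stream and the
// payload for the restricted stream. Fields missing from the policy are treated as
// Restricted (fail closed) so that new firmware cannot leak a field nobody classified.
func Split(record map[string]any, policy Policy) (general, restricted map[string]any) {
	general, restricted = map[string]any{}, map[string]any{}
	for name, value := range record {
		rule, known := policy[name]
		if !known {
			rule = Rule{Class: Restricted, Decimals: -1}
		}
		switch rule.Class {
		case NotNeeded:
			continue
		case Public, Internal:
			general[name] = value
		case Restricted:
			restricted[name] = value
			if f, ok := value.(float64); ok && rule.Decimals >= 0 {
				general[name] = coarsen(f, rule.Decimals)
			}
		}
	}
	return general, restricted
}

// coarsen rounds v to the given number of decimal places.
func coarsen(v float64, decimals int) float64 {
	scale := math.Pow(10, float64(decimals))
	return math.Round(v*scale) / scale
}

func main() {
	policy := Policy{
		"device_id":      {Class: Internal, Decimals: -1},
		"temp_c":         {Class: Public, Decimals: -1},
		"lat":            {Class: Restricted, Decimals: 2},
		"lon":            {Class: Restricted, Decimals: 2},
		"operator_email": {Class: Restricted, Decimals: -1},
		"debug_trace":    {Class: NotNeeded, Decimals: -1},
	}
	// Constructed telemetry record; "unclassified" simulates a field added by new firmware.
	record := map[string]any{
		"device_id": "dev-0001", "temp_c": 21.4,
		"lat": 47.123456, "lon": 8.654321,
		"operator_email": "op@example.com", "debug_trace": "stack...",
		"unclassified": "raw",
	}
	general, restricted := Split(record, policy)
	g, _ := json.Marshal(general)
	r, _ := json.Marshal(restricted)
	fmt.Println("general stream:   ", string(g))
	fmt.Println("restricted stream:", string(r))
}
```

Each returned map would then be appended to its own stream manager stream (or published to its own topic), so the storage type, size and retention policy configured per stream actually line up with the sensitivity of what lands in it.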
Architecture Notes - BP 3.1.7.3 - Protect your IoT data in compliance with regulatory requirements¶
Data governance is the rules, processes, and behavior that affect the way in which data is used, particularly as regards openness, participation, accountability, effectiveness, and coherence. Data governance practices for IoT are important because they enable you to protect classified data and to comply with regulatory obligations. They help determine which data needs protection and which data needs access control.
Recommendation 3.1.7.3.1 - Define specific roles for personnel responsible for implementing IoT data governance
For example, there might be a need for new roles to monitor security, from both the functional and policy perspectives, to control data when it moves from IoT environments to the cloud.
Recommendation 3.1.7.3.2 - Define data governance policies to monitor compliance with approved standards
For example, you might define a policy that requires security credentials to never be hardcoded, even on edge devices. Secrets are then retrieved at runtime, over an encrypted channel, from a service such as AWS Secrets Manager, and are held only in memory rather than baked into firmware or configuration files.
Recommendation 3.1.7.3.3 - Define clear responsibilities to drive the IoT data governance process
Multiple administrative roles can exist for a single system. For instance, you may define roles for users who can replace defective devices, and separate roles for users who can apply security patches and upgrade device firmware. Note that roles and responsibilities might change over the lifecycle of your IoT systems.
Additional Resources¶
- AWS IoT Core Developer Guide: AWS IoT security
- AWS IoT Core Developer Guide: Data protection in AWS IoT Core
- Amazon FreeRTOS User Guide: Transport Layer Security
- AWS IoT Greengrass Developer Guide: Security in AWS IoT Greengrass
- AWS IoT Core Developer Guide: Security best practices in AWS IoT Core
- AWS IoT Greengrass Developer Guide: Security best practices in AWS IoT Greengrass
- The Internet of Things on AWS – Official Blog: Ten security golden rules for IoT solutions
- AWS Training and Certification Free Course: Deep Dive into AWS IoT Authentication and Authorization
- AWS Whitepaper: Securing Internet of Things (IoT) with AWS