Understanding cellular IoT security: Part 3

Part 3: Achieving your security and business goals

With thousands of customers across the globe, Hologram has experience across industries helping customers get their cellular IoT connected devices to market. Our customers tell us how valuable it has been to engage with our teams early on to benefit from that expertise. Here’s how you can collaborate with Hologram to help achieve your security goals.

Building security in from the start

When you are building a cellular connected product and want to ensure the safety of your device and communications. Different vendors and different teams working on different areas of the technology all have to cooperate to implement your security.

Take the example of building a high performance race boat with parts and systems - the boat, engine, hull, transmission, propeller, steering, etc - that all have to work together. When pushing the boat to its limit and expecting it to perform, you can’t have one bolt that fails. All of the components have to coalesce to get the end result desired.

Security isn’t so different. When products are built, if security isn’t a cooperative and intentional effort, you may fail to implement the security policy correctly. You have to have an end-to-end understanding of the complex interactions between components and your third-party vendors - like your cloud provider - that make or break the security model.

Let’s take a look at how Hologram was able to help a client building a HIPAA compliant, FDA approved medical device that would send data over the Hologram cellular network.

• Right from the start, we were able to help them design their device so that it’s easier to achieve HIPAA compliance.
• For instance, we know that if you use certain levels of encryption end to end, you do not need to have a 3rd party perform an assessment.
• Since you have secured the vector, you don’t have to have the cellular networks be certified.

What about customers that want to transmit financial data, like credit cards, over cellular IoT connectivity? What do they need to know in order to ensure that the financial data is safe and compliant with PCI regulations? From EV charge point operators and bike rentals through point of sale systems and asset tracking, Hologram has thousands of customers sending sensitive financial information over our SIMs. With appropriate application-layer encryption used over our cellular connectivity, nobody, not even Hologram, can access the device data in the clear. So, not only do our multiple layers of firewalls help reduce devices' attack surface to near-zero, but confidentiality of sensitive application data is also easily achieved when using Hologram.

As you look for your cellular IoT provider, here are a few questions that are important to ask:

• What will happen if your primary core goes down?
• What do you offer contractually to guarantee your uptime?
• What business controls do you have in place to ensure the integrity of data?
• What access control systems and encryption do you have in place for sensitive data?
• Do you have documented policies and procedures around handling confidential information?
• Do you have a published privacy policy?
• Do you have processes in place to dispose of personally-identifiable information, such as in compliance with GDPR?
• What experience can you share in my industry to help ensure the security of my devices and services?

Here at Hologram, we can help accelerate your success. Our conversations are not just about what you might buy from Hologram, but about ways to make the individual layers of the product and your vendors cooperate even better to achieve your security goal and your business success.

We hope you found our blog series "Understanding cellular IoT security" valuable. Did you miss Understanding cellular IoT security Part 1: The Trust Services Criteria or Part 2: Software-Defined Networking?