From Digi International: Top 5 Questions to Ask When Securely Deploying & Managing Remote LTE Devices

May 16, 2017
 

Written by Jess Morriss from Digi International 

Does my vendor do Penetration Testing?
Penetration testing, also known as pen testing, tests for vulnerabilities that an attacker could exploit on a device, network, or web application. Ideally, device manufacturers should submit to frequent (quarterly) pen testing by external contractors AND ad-hoc pen testing by interested customers.

What security certifications does my vendor maintain?
You want to see an active security office and security model, not just lip service. Having a dedicated security office means ensuring that security best practices are incorporated into the engineering design process. This approach incorporates accepted guidelines and processes for product design and testing, such as those defined by third-party organizations: the American Society for Quality/Failure Mode Effects Analysis; iSixSigma/DFMEA; ISO9001 SDLC, Penetration Testing Execution Standard and OWASP; as well as emerging standards such as the Online Trust Alliance (OTA).

How does/should my vendor generate true random numbers and secure key storage?
A secret code is only as good as the random number it is based on. Computers are inherently deterministic—so how can they make a truly random number? True Hardware Random Number Generators (TRNG) use the random properties of the physical world to create truly random numbers based on quantum noise.

When Was Your Vendor Last Audited, What Did They Find, and What Did You Do About It?
Does your vendor provide ongoing threat measurement and monitoring services, and perform internal and external security audits on a regular basis? Regular audits ensure up-to-date security patches and provide ongoing proactive communication regarding upcoming threats. Certain industry security frameworks, like ISO27001 and PCI DSS, require these regular audits.

What will this cost us?
As a general rule, you should only pay a recurring fee if the vendor is making a recurring investment. For example, you should pay once for a great firewall and you should pay ongoing for ongoing device management. It is a good idea to evaluate the total-cost-of-ownership between different vendors. Our competitors' total-cost-of-ownership tends to always be higher because they charge for security services, or worse, they don't offer them at all.

Source: https://www.digi.com/blog/uncategorized/5-security-questions-many-vendors-dont-want-you-to-ask-them/
