Microsoft Taps Partner Base For Azure IoT Security Audits

Microsoft is looking to its channel partners to bring its Azure IoT Suite's security services to customers deploying Internet of Things applications.

The Redmond, Wash.-based company is expanding its Security Program for Azure IoT, which seeks to reduce risk in IoT deployments by connecting customers to qualified channel partners who know the best practices and standards for security IoT.

"Really the goal is driving each other to make sure we're delivering security across the board," said Mark Johnson, cloud solution architect at Chicago, Ill.-based Microsoft partner 10th Magnitude, which just joined the program. "Microsoft is giving back to us in a couple of ways. We talked about a cool way to do some penetration testing."

[Related: Channel Players Step Up To Address IoT Security Concerns In Health Care]

Partners like Casaba Security, Tech Mahindra, Unisys Corporation, SecureGuard and 10th Magnitude have joined Microsoft's new program. The company will be working with these security auditing partners and standards organizations, such as the Industrial Internet Consortium (IIC), to establish industry protocols and best practices for security auditing.

"In all our security efforts, Microsoft works with security partners to help protect businesses – and ultimately help us raise the bar across the industry," said Sam George, partner director for program management at Microsoft's Azure IoT team. "Select Azure IoT customers will be the first to take advantage of this program to evaluate their end-to-end IoT infrastructure and manage their security risk."

As part of the program, 10th Magnitude has developed a security framework within its IoT practice. 10th Magnitude's IoT security audit involves an evaluation phase, including threat modeling, cloud assessments, encryption reviews, and authentication reviews; a training phase, which trains the customer for remote monitoring, data analysis and remediation planning; and a remediation phase, which provides solutions to identified risks.

"We had a few meetings and are trying to pull together two internal projects. One is a whitepaper on IoT security, and the other is coming up with a threat modeling mechanism for how mature your IoT security platform is," said Johnson. "It's really a maturity model – how far along are customers in developing security for their solution or IoT platform – we bring it to customers and tell them how far along they are, where they might find gaps."

Microsoft is amping up its IoT Azure suite measures as IoT security becomes a larger concern for its enterprise customers. As more devices get connected, IoT deployments present many unique risks, including wireless protocols, limited physical security around devices, as well as limited physical access to the device for the manufacturer and acceptable loss of connectivity.

"In the coming months, we’ll continue to provide updates on the Security Program for Azure IoT, our global auditing partners, and auditing standards," said George.