Key Measures to Ensure Security Across Infrastructure
Authenticate all entities before they can join the network, using public key cryptography and X.509 certificates signed by a trusted root authority. These keys and certificates should be stored securely in Federal Information Processing Standards (FIPS) compliant hardware security modules.
Data confidentiality is implemented using encryption standards and protocols such as Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) for the secure transfer of data over the network.
Data integrity is verified using cryptographic hashes such as Secure Hash Algorithm (SHA).
Digital signatures give a recipient a strong reason to believe that the message or file was created by a known sender.
Role-Based Access Control (RBAC) should be implemented across all the services offered by the applications.
Heightened security can be provided through secure boot mechanisms in IoT devices.
All data should be classified by security level, and critical data, such as user authentication data, should be stored encrypted in the storage systems.
All software and firmware of devices should be security-hardened to prevent backdoor entry attacks.
All the centralized infrastructure should be protected against Distributed Denial of Service (DDoS) attacks.
All computing systems should receive the latest security patches against known vulnerabilities.
Advanced security should be implemented to protect critical IT infrastructure in cloud and data centres, including Anti-APT (advanced persistent threat) systems, intrusion protection systems, network behaviour analysis tools, antivirus and anti-malware systems, next generation firewalls, security information and event management, email security systems, data loss prevention systems, etc.
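The data integrity and digital signature measures above work together: a hash on its own only shows that data matches a digest, while an authenticated digest also ties it to a known sender. The following is an added example, not code from the original page. It assumes a firmware update manifest (a hypothetical format) and uses HMAC-SHA256 with a shared key as a standard-library stand-in for the digital signature; a deployment following the list above would use an asymmetric signature checked against the sender's X.509 certificate.

```python
import hashlib
import hmac
import json

# Constructed sample values for illustration only.
DEVICE_KEY = b"constructed-demo-key"
FIRMWARE = b"FWv2" + bytes(range(64))


def _canonical(body) -> bytes:
    # Stable byte encoding so publisher and device authenticate identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_manifest(image: bytes, version: str, key: bytes) -> dict:
    """Publisher side: record the image digest, then authenticate the manifest."""
    body = {"version": version, "sha256": hashlib.sha256(image).hexdigest()}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_update(image: bytes, manifest: dict, key: bytes) -> str:
    """Device side: returns 'ok', 'bad-tag' or 'bad-digest'."""
    try:
        body, tag = manifest["body"], manifest["tag"]
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        # Authenticate the manifest before trusting any field in it.
        if not hmac.compare_digest(expected, tag):
            return "bad-tag"
        actual = hashlib.sha256(image).hexdigest()
        if not hmac.compare_digest(actual, body["sha256"]):
            return "bad-digest"
    except (KeyError, TypeError, ValueError):
        return "bad-tag"  # malformed manifest is treated as unauthenticated
    return "ok"


def with_recomputed_digest(manifest: dict, image: bytes) -> dict:
    """Models data and its bare hash being changed together in transit."""
    body = dict(manifest["body"], sha256=hashlib.sha256(image).hexdigest())
    return {"body": body, "tag": manifest["tag"]}


if __name__ == "__main__":
    good = make_manifest(FIRMWARE, "2.0", DEVICE_KEY)
    altered = FIRMWARE + b"\x00"
    print(verify_update(FIRMWARE, good, DEVICE_KEY))
    print(verify_update(altered, good, DEVICE_KEY))
    print(verify_update(altered, with_recomputed_digest(good, altered), DEVICE_KEY))
```

The third case is the one a bare hash cannot catch: the image and its digest agree with each other, and only the authentication tag shows that the manifest no longer comes from the holder of the key.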