The development of an IoT device, many times referred to as an embedded system or a connected device, is a complicated task, involving many processes that are conducted by different entities. Usually, these processes are driven by several owners with different considerations, challenges, and constraints – engineers, architects, and product managers – each wants to deliver the best quality product in the fastest time to market. Once a security implementation is integrated with the other processes, things get even more complicated, and important questions need to be asked – how do we know what is the right security for the product? How do we test its security? How can we fix a security issue as fast as possible? How can we optimize the product security without slowing down the Continuous Integration (CI) process?
This article suggests a method of security integration into the IoT device development process and is designated mainly for technical professionals, yet, provides insights and benefits for those who read it from a business perspective.