Securing IoT: Why Transparency and Privacy Must Go Beyond the Label 

There’s no denying it – IoT devices are everywhere. Consumers continue turning to connected devices that let them do everything from controlling smart lighting with a swipe of their phone to using smart sensors to avoid home maintenance headaches. By bringing these products into their homes, consumers trust that the smart devices they’re using are both innovative and secure when it comes to keeping their data safe. 


Double Down on Consumer Protection 


With the number of connected devices expected to double to nearly 30 billion by the end of the decade, securing IoT and protecting consumers from cyberattacks is more important than ever. That’s why the White House announced the U.S. Cyber Trust Mark IoT labeling program. The program is intended to make it easier for American consumers to choose smart devices that are less vulnerable to cyberattacks. 


The voluntary program, which aims to be up and running in 2024, would place new labels on smart device retail packaging letting consumers know which products meet the highest standards and can be trusted in their homes. As the leading U.S.-based Platform as a Service (PaaS), Pepper is proud to support the new U.S. Cyber Trust Mark and applauds the Biden Administration for its leadership in prioritizing cyber risk and for spearheading this new program putting consumer IoT cybersecurity in the spotlight. However, promoting secure solutions can’t end there. 


IoT Cybersecurity Beyond the Label 


As an IoT platform powering devices in homes across the country, providing a secure and trusted solution is a responsibility Pepper doesn’t take lightly. We are committed to supporting the standards as the U.S. Cyber Trust Mark program develops, but it’s important to point out that security must extend beyond physical packaging and into the IoT platform itself. 


The White House plan is aimed at helping consumers make better choices when shopping for secure connected solutions. The new program may be aimed at device manufacturers and retailers; however, we think it’s important that IoT platforms take it upon themselves to be proactive and take the steps necessary to promote secure connected experiences, and ultimately, promote more transparency for U.S. consumers. Tough questions need to be asked about IoT cybersecurity, including: 


  • Which IoT platform is powering the device and where is that company based?  
  • What consumer data is being collected and how is it stored and kept safe?  
  • Is that information staying on U.S. soil or being transferred overseas? 


While standards and guidelines for IoT platforms are evolving, Pepper believes it’s important to go beyond what’s required and provide privacy standards to our partners – whether mandated by a federal program or not. For example, the General Data Protection Regulation (GDPR) dictates data privacy and security regulations for the European Union and is among the toughest laws of its kind. Although GDPR is a European set of data protection laws, many companies in the U.S. follow GDPR’s privacy standards not because they are required to, but because doing so is best practice for consumers and promotes the toughest standards of its kind. 


Greater Transparency with Pepper 

At Pepper, we believe the same approach should be taken when it comes to the privacy and security of data on IoT platforms. Consumers may not be aware of the data being collected “behind the scenes,” but that doesn’t mean it can be brushed under the rug. At Pepper, we believe it’s important to go beyond the guidelines and provide our partners a robust set of privacy and security practices to keep data safe throughout the IoT journey.  


We are committed to helping our partners fill IoT gaps, including 24/7 managed and monitored cybersecurity. Our approach includes: 


  • All data stored in the U.S. – We follow all U.S. compliance laws and never share customer data without consent. 
  • End-to-end encryption – Including unique certificates per device and encrypted video streaming. 
  • Secure over-the-air updates – TLS encrypted transport with signed OTA URLs and integrity verification available. 
  • Testing and scanning – Including real-time threat identification and alerting from multiple threat monitoring solutions. 


We’re thrilled this historic IoT labeling program will soon provide peace of mind and greater transparency to consumers across the country. And we stand committed to offering our partners that same level of transparency and safety to ensure the most secure solutions possible are hitting the market, promoting privacy in IoT. 
