{"id":20232,"date":"2023-04-07T14:00:00","date_gmt":"2023-04-07T13:00:00","guid":{"rendered":"https:\/\/www.riskinsight-wavestone.com\/?p=20232"},"modified":"2023-04-12T17:46:21","modified_gmt":"2023-04-12T16:46:21","slug":"improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/","title":{"rendered":"Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT"},"content":{"rendered":"\n<p>Internet of Things (IoT) platforms enable the connection, management and monitoring of fleets of devices. The 3 cloud leaders, GCP, AWS and Azure each have their own offering, in a particularly fragmented sector, which sees many players competing.<\/p>\n<p>Azure, in recent years, has been gaining a foothold in this sector, as Gartner has pointed out, ranking them among the <strong>visionary leaders<\/strong> of Industrial IoT (IIoT) platforms [1] due to its capabilities, and its almost complete coverage of all use cases and industries.<\/p>\n<p>The IoT, by nature often widely exposed, even on the Internet, can be the<strong> target of attacks<\/strong>. It is therefore essential to put in place security mechanisms, and to<strong> apply best practices<\/strong> to improve the security level of the platform and the objects that connect to it, which we will explore in this article.<\/p>\n<p>Before moving on to specific <strong>recommendations<\/strong> for protecting your IoT devices and data, let&#8217;s look at how the various Azure IoT services can be used together to<strong> create secure IoT solutions<\/strong>.<\/p>\n<h1><span lang=\"EN-GB\" style=\"font-size: 20.0pt; line-height: 107%;\">Presentation of the Azure IoT offer<\/span><\/h1>\n<p>Microsoft Azure IoT is an <strong>end-to-end platform<\/strong> for connectivity, analysis and visualization of data from IoT devices. It also offers <strong>interconnection with other standard Azure services<\/strong> such as Azure Machine Learning and Azure SQL Database.<\/p>\n<p>Azure IoT offers <strong>two solution ecosystems<\/strong> to its customers:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Azure IoT Central is a <strong>fully managed aPaaS<\/strong>, Platform as a Service application that <strong>simplifies the creation of IoT solutions<\/strong>. This service is responsible for connecting, managing and operating fleets of devices, and provides a management user interface. Azure IoT Central is an <strong>aggregate of different Azure IoT services<\/strong> such as Azure IoT Hub or Azure IoT Hub Device Provisioning Service (DPS).<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-20200 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image1.png\" alt=\"\" width=\"836\" height=\"543\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image1.png 836w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image1-294x191.png 294w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image1-60x39.png 60w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image1-768x499.png 768w\" sizes=\"auto, (max-width: 836px) 100vw, 836px\" \/><\/p>\n<p><em>Azure IoT Central <\/em><strong>offers application models<\/strong> according to several business domains: Retail, Health, Energy, Industry, etc., and aims at a &#8220;turnkey&#8221; implementation. \u00a0<\/p>\n<ul style=\"text-align: justify;\">\n<li>A <strong>customised ecosystem<\/strong> thanks to the various Azure PaaS (Platform as a Service) services. In this ecosystem, two services; Azure IoT Hub and Azure Digital Twins are the <strong>foundations of an IoT solution<\/strong>. We have also combined them with Azure Device Provisioning and Azure Device Update for optimal coverage of cyber security needs.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-20202 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image2.png\" alt=\"\" width=\"830\" height=\"519\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image2.png 830w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image2-305x191.png 305w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image2-62x39.png 62w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image2-768x480.png 768w\" sizes=\"auto, (max-width: 830px) 100vw, 830px\" \/><\/p>\n<p>These two ecosystems enable Azure to <strong>address all types of IoT and IIoT needs<\/strong>:<\/p>\n<ul style=\"text-align: justify;\">\n<li>Azure IoT Central offers a complete service if you want to quickly develop a <strong>low-complexity application<\/strong> thanks to its application template catalogue.<\/li>\n<li>If you want a <strong>custom solution<\/strong>, or with features not supported by Azure IoT Central: opt for an ecosystem based on Azure IoT Hub.<\/li>\n<\/ul>\n<p>Now that we have a good understanding of the Azure IoT ecosystems, it is important to <strong>focus on securing these ecosystems<\/strong>. How can we effectively protect IoT devices and data when using Azure IoT services? This is what we will explore in the following sections.<\/p>\n<p>\u00a0<\/p>\n<h1><span lang=\"EN-GB\" style=\"font-size: 20.0pt; line-height: 107%;\">Preamble: the Azure CLI tool<\/span><\/h1>\n<p>In order to manage Azure resources, Microsoft provides several tools, most of which can be used in CLI (Command Line Interface). The tool offering the most functionality for management is <strong>Azure CLI<\/strong>.<\/p>\n<p>This tool, available for <strong>Windows<\/strong> and <strong>UNIX<\/strong> operating systems, allows a user who is a member of an Azure environment to <strong>manage and obtain information about Azure resources<\/strong>. It should be noted that the range of possibilities of this tool varies according to the rights that the user has over the resources in question.<\/p>\n<p>To install it, Microsoft provides a <a href=\"https:\/\/learn.microsoft.com\/fr-fr\/cli\/azure\/install-azure-cli\">dedicated page<\/a> explaining the steps for any type of environment.<\/p>\n<p>In order to use it, all you must do is <strong>connect<\/strong> to an Azure user account via the chosen command interface (<strong>PowerShell<\/strong> or <strong>Bash<\/strong>), then <strong>enter the desired commands<\/strong>. Once the use of this tool is finished, a disconnection of the account is recommended.<\/p>\n<p>A <strong>typical use<\/strong> of this tool is shown below:<\/p>\n<table style=\"border-collapse: collapse; width: 100%;\">\n<tbody>\n<tr>\n<td style=\"width: 100%; background-color: #002060; border-color: #002060; border-style: solid;\">\n<p><span style=\"color: #ffffff;\"><span style=\"color: #ffff00;\">az<\/span> login [<span style=\"color: #808080;\">-u<\/span> Nom d\u2019utilisateur] [<span style=\"color: #808080;\">&#8211;use-device<\/span>]<\/span><\/p>\n<p><span style=\"color: #ffffff;\">[Commandes Azure CLI] [Exemple : ]<\/span><br \/><span style=\"color: #ffffff;\"><span style=\"color: #ffff00;\">az<\/span> resource list<\/span><\/p>\n<p><span style=\"color: #ffffff;\"><span style=\"color: #ffff00;\">az<\/span> logout<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: justify;\"><span style=\"font-size: revert; color: initial;\">The documentation of this tool, presenting and explaining all the possible commands, is available at this <\/span><a style=\"font-size: revert;\" href=\"https:\/\/learn.microsoft.com\/fr-fr\/cli\/azure\/reference-index?view=azure-cli-latest\">address<\/a><span style=\"font-size: revert; color: initial;\">.<\/span><\/p>\n<p>This tool will be used later in the example of technical manipulations.<\/p>\n<h1 style=\"text-align: justify;\"><span lang=\"EN-GB\" style=\"font-size: 20.0pt; line-height: 107%;\">1st security vector: authentication of objects<\/span><\/h1>\n<p>Device authentication is crucial for an Azure infrastructure as it ensures that <strong>only authorised devices can access cloud resources<\/strong>. Azure IoT services support two main means of authentication for IoT devices:<\/p>\n<ul style=\"text-align: justify;\">\n<li>A <strong>SAS Token<\/strong> (Shared Access Signature) is a <strong>string of characters<\/strong> used to authenticate devices and services. An SAP token has the following structure:<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-20249 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image12.png\" alt=\"\" width=\"2426\" height=\"637\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image12.png 2426w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image12-437x115.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image12-71x19.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image12-768x202.png 768w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image12-1536x403.png 1536w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image12-2048x538.png 2048w\" sizes=\"auto, (max-width: 2426px) 100vw, 2426px\" \/><\/p>\n<p>This type of authentication has a <strong>defined validity period<\/strong> and permissions, which are assigned based on an access policy, on a <strong>given perimeter<\/strong>. The <strong>signature<\/strong>, on the other hand, is a crucial element because it is responsible for guaranteeing the security of communications between the object and Azure services, but also for proving the identity of the device. This signature is generated from a secret that must be <strong>specific to each device<\/strong>.<\/p>\n<ul style=\"text-align: justify;\">\n<li>An <strong>X.509 certificate<\/strong> [2] is a digital certificate allowing <strong>strong authentication<\/strong> of the object. It contains information about the <strong>entity issuing<\/strong> the certificate, the validity period of the certificate and the<strong> identity of the subject<\/strong> (e.g. the object). One of the strengths of certificates is the ability to create chains of certificates, and thus <strong>create trust relationships<\/strong>:<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-20206 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image4.png\" alt=\"\" width=\"844\" height=\"426\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image4.png 844w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image4-378x191.png 378w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image4-71x36.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image4-768x388.png 768w\" sizes=\"auto, (max-width: 844px) 100vw, 844px\" \/><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-size: revert; color: initial;\">X.509 certificates offer a <strong>higher level of security<\/strong>, assuming a state-of-the-art cryptographic algorithm, as they <strong>allow trust relationships to be represented<\/strong>. However, the management and use of certificates can involve <strong>additional complexity<\/strong> for an IoT project.<\/span><\/p>\n<p>In order to force the use of X.509 certificates to authenticate connected objects, it is possible <strong>to prohibit SAS tokens for an IoT Hub<\/strong>. Indeed, Azure IoT Hubs have three properties related to the <strong>use or not of SAS tokens<\/strong>: disableLocalAuth, disableDeviceSAS and disableModuleSAS. Therefore, the best practice associated with disabling SAS tokens is to set these three parameters to True. This can be done using the <strong>Azure CLI<\/strong> tool:<\/p>\n<table style=\"border-collapse: collapse; width: 100%;\">\n<tbody>\n<tr>\n<td style=\"width: 836px; background-color: #002060; border-color: #002060; border-style: solid;\">\n<p><span style=\"color: #ffffff;\"><span style=\"color: #ffff00;\">az <span style=\"color: #ffffff;\">resource update <span style=\"color: #808080;\">&#8211;resource-group<\/span> &lt;Resource_Group&gt; <span style=\"color: #808080;\">-n<\/span> &lt;IoT_Hub&gt;<span style=\"color: #808080;\"> &#8211;resource-type<\/span> Microsoft.Devices\/IotHubs <span style=\"color: #808080;\">&#8211;set<\/span> properties.disableDeviceSAS=true properties.disableModuleSAS=true properties.disableLocalAuth=true<\/span><\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Checking the values of these same parameters can also be done using the <strong>Azure CLI<\/strong>:<\/p>\n<table style=\"border-collapse: collapse; width: 100%;\">\n<tbody>\n<tr>\n<td style=\"width: 836px; background-color: #002060; border-color: #002060; border-style: solid;\">\n<p><span style=\"color: #ffffff;\"><span style=\"color: #ffff00;\"><span style=\"color: #ffffff;\"><span style=\"color: #ffff00;\">az<\/span> resource show <span style=\"color: #808080;\">&#8212;resource-group<\/span> &lt;Resource_Group&gt; <span style=\"color: #808080;\">-n<\/span> &lt;IoT_Hub&gt; <span style=\"color: #808080;\">&#8211;resource-type<\/span> Microsoft.Devices\/IotHubs | <span style=\"color: #ffff00;\">Select-String<\/span> <span style=\"color: #33cccc;\">&#8220;(disableLocalAuth|disableDeviceSAS|disableModuleSAS)&#8221;<\/span><\/span><\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>In the example response below, the disableDeviceSAS property has been set correctly, but the other two have not.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-20217 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image9.png\" alt=\"\" width=\"907\" height=\"127\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image9.png 907w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image9-437x61.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image9-71x10.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image9-768x108.png 768w\" sizes=\"auto, (max-width: 907px) 100vw, 907px\" \/><\/p>\n<p style=\"text-align: justify;\">The <strong>Azure portal<\/strong> also allows you to perform this verification:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-20208 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image5.png\" alt=\"\" width=\"580\" height=\"317\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image5.png 580w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image5-349x191.png 349w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image5-71x39.png 71w\" sizes=\"auto, (max-width: 580px) 100vw, 580px\" \/><\/p>\n<p style=\"text-align: justify;\">The choice of authentication method for Azure IoT will <strong>depend on the security requirements<\/strong> of your solution. If you need <strong>strong security<\/strong> and have the infrastructure to manage certificates, then <strong>X.509 certificate<\/strong> authentication is a good option. However, if you are looking for <strong>a solution that is simple to manage and use<\/strong>, the SAS token may be more suitable for your needs.<\/p>\n<h1 style=\"text-align: justify;\"><span lang=\"EN-GB\" style=\"font-size: 20.0pt; line-height: 107%;\">2nd security vector: RBAC and alerts <\/span><\/h1>\n<p>The assignment of roles on your Azure IoT infrastructure must be <strong>thoughtful and defined according to the needs of the users<\/strong>. A <strong>precise definition of roles and permissions<\/strong> makes it possible to limit access to resources and to the various functionalities available on the platform. The various Azure IoT services provide a <strong>multitude of pre-configured roles<\/strong> that can be adapted to your needs and your organisation. Secondly, <strong>applying the principle of least privilege<\/strong>, and limiting the number of accounts with important privileges, allows you to <strong>improve the security level<\/strong> of your Azure IoT infrastructure.<\/p>\n<p><strong>Azure CLI <\/strong>allows you to <strong>list the users with rights to the desired Azure IoT<\/strong> resource and their associated roles. The following command allows you to perform this action<\/p>\n<table style=\"border-collapse: collapse; width: 100%; height: 129px;\">\n<tbody>\n<tr style=\"height: 129px;\">\n<td style=\"width: 100%; background-color: #002060; border-color: #002060; border-style: solid; height: 129px;\">\n<p><span style=\"color: #ffffff;\"><span style=\"color: #ffff00;\"><span style=\"color: #33cccc;\"><span style=\"color: #ffff00;\">az<\/span> <span style=\"color: #ffffff;\">role assignment list<\/span> <span style=\"color: #808080;\">&#8211;scope<\/span> &#8220;\/subscriptions\/&lt;ID_de_souscription&gt;\/resourceGroups\/&lt;Resource_Group&gt;\/providers\/Microsoft.Devices\/IotHubs\/&lt;IoT_Hub&gt;&#8221; <span style=\"color: #808080;\">&#8211;include-inherited<\/span><\/span><\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><span style=\"font-size: revert; color: initial;\">It is possible to use string selectors (Select-String for <\/span><strong style=\"font-size: revert; color: initial;\">PowerShell<\/strong><span style=\"font-size: revert; color: initial;\">, grep for <\/span><strong style=\"font-size: revert; color: initial;\">Bash<\/strong><span style=\"font-size: revert; color: initial;\">) to retrieve only the desired information.<\/span><\/p>\n<p>In the example below, <strong>names, types<\/strong> and <strong>roles<\/strong> were the only items retrieved using Select-String:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-20220 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image10.png\" alt=\"\" width=\"852\" height=\"802\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image10.png 852w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image10-203x191.png 203w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image10-41x39.png 41w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image10-768x723.png 768w\" sizes=\"auto, (max-width: 852px) 100vw, 852px\" \/><\/p>\n<p>The Azure built-in roles feature is available on <a href=\"https:\/\/learn.microsoft.com\/fr-fr\/azure\/role-based-access-control\/built-in-roles\">this page<\/a>.<\/p>\n<p>Configuring <strong>alerts based on the metrics<\/strong> of your Azure IoT services is another tool to consider. Alerts can be configured to detect suspicious behaviour or anomalies, <strong>allowing for rapid investigation<\/strong> of your infrastructure. Azure provides its customers with a large collection of signals to define alert conditions. It is also possible to <strong>define custom alert signals <\/strong>via the query language used by Azure Log Analytics.<\/p>\n<p>The <strong>Azure Portal<\/strong> is the easiest way to set up alerts based on the data collected by the IoT Hub. For example, to define a log alert rule, you need to:<\/p>\n<ol style=\"text-align: justify;\">\n<li>Go to the management page of the desired IoT Hub;<\/li>\n<li>Go to the Logs sub-category of the Monitoring category;<\/li>\n<li>Choose a rule using the Azure Log Analytics language;<\/li>\n<li>Add an alert rule related to this query;<\/li>\n<li>Choose the operator, unit, threshold value, check recurrence and time period for the rule<\/li>\n<\/ol>\n<p style=\"text-align: justify;\">These actions are summarised in the screenshots below:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-20210 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image6.png\" alt=\"\" width=\"909\" height=\"244\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image6.png 909w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image6-437x117.png 437w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image6-71x19.png 71w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image6-768x206.png 768w\" sizes=\"auto, (max-width: 909px) 100vw, 909px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-20212 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image7.png\" alt=\"\" width=\"824\" height=\"603\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image7.png 824w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image7-261x191.png 261w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image7-53x39.png 53w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image7-768x562.png 768w\" sizes=\"auto, (max-width: 824px) 100vw, 824px\" \/><\/p>\n<p>It will then be sufficient to choose an <strong>action group<\/strong> linked to a type of action (sending an email, SMS, etc.).<\/p>\n<p>The example given will lead to an action if the number of failed connections of connected objects to the IoT Hub concerned exceeds 10 failures in 10 minutes or less.<\/p>\n<p>A <a href=\"https:\/\/learn.microsoft.com\/fr-fr\/azure\/azure-monitor\/alerts\/tutorial-log-alert\">detailed guide<\/a> in the form of a tutorial is available on the Azure documentation. Note that this service is available at an additional cost.<\/p>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<h1 style=\"text-align: justify;\"><span lang=\"EN-GB\" style=\"font-size: 20.0pt; line-height: 107%;\">3rd vector of security: the service itself <\/span><\/h1>\n<p>Finally, <strong>setting up proper configuration<\/strong> of Azure IoT services is a key element in improving the platform&#8217;s cyber maturity level. This includes options such as <strong>routing rules<\/strong> or setting the minimum version of TLS used by devices to connect to Azure IoT Hub.<\/p>\n<p><strong>Routing rules<\/strong> are used to <strong>redirect messages<\/strong> from IoT devices to an endpoint (storage, services, database, etc.) and are configurable by routing requests. It is recommended to <strong>filter incoming messages<\/strong>, via routing requests, to increase the security of your IoT solution.<\/p>\n<p><strong>Checking the minimum TLS version accepted<\/strong> can be done using the <strong>Azure CLI<\/strong>: indeed, an IoT Hub has the minTlsVersion attribute to check this property. This check is performed using the following command:<\/p>\n<table style=\"border-collapse: collapse; width: 100%;\">\n<tbody>\n<tr>\n<td style=\"width: 100%; background-color: #002060; border-color: #002060; border-style: solid;\">\n<p><span style=\"color: #ffffff;\"><span style=\"color: #ffff00;\">az <span style=\"color: #ffffff;\">resource show <span style=\"color: #808080;\">&#8212;resource-group<\/span> &lt;Resource_Group&gt; <span style=\"color: #808080;\">-n<\/span> &lt;IoT_Hub&gt; <span style=\"color: #808080;\">&#8211;resource-type<\/span> Microsoft.Devices\/IotHubs | <span style=\"color: #ffff00;\">Select-String<\/span> <span style=\"color: #33cccc;\">&#8220;minTlsVersion&#8221;<\/span><\/span><\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: justify;\">Si cette commande <strong>ne retourne rien<\/strong>, ou retourne <strong>une valeur inf\u00e9rieure \u00e0 1.2<\/strong>, alors la configuration <strong>n\u2019est pas satisfaisante<\/strong>.<\/p>\n<p style=\"text-align: justify;\">Le <strong>portail d\u2019Azure<\/strong> permet \u00e9galement d\u2019effectuer cette v\u00e9rification<\/p>\n<p>If this command <strong>returns nothing<\/strong>, or returns a <strong>value less than 1.2<\/strong>, then the configuration <strong>is not satisfactory<\/strong>.<\/p>\n<p>The <strong>Azure portal<\/strong> also allows you to perform this check:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-20214 size-full\" src=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image8.png\" alt=\"\" width=\"668\" height=\"315\" srcset=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image8.png 668w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image8-405x191.png 405w, https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/Image8-71x33.png 71w\" sizes=\"auto, (max-width: 668px) 100vw, 668px\" \/><\/p>\n<p style=\"text-align: justify;\">\u00a0<\/p>\n<h1 style=\"text-align: justify;\"><strong>En synth\u00e8se<\/strong><\/h1>\n<p><strong>Security is a major issue for IoT projects<\/strong>: Microsoft, with its Azure IoT product, provides an IoT platform that meets the majority of IoT needs in a secure manner, provided that it is configured correctly. In this article, we have discussed<strong> recommendations for improving the security<\/strong> of your Azure IoT infrastructure.<\/p>\n<p>It is important to keep in mind that <strong>other attack vectors exist<\/strong>, such as hardware and software vulnerabilities and the networks used by IoT devices.\u00a0 Securing an IoT infrastructure is a <strong>complex challenge that requires an end-to-end approach<\/strong>.<\/p>\n<p style=\"text-align: justify;\"><strong>\u00a0<\/strong><\/p>\n<p style=\"text-align: justify;\"><em>\u00a0<\/em><\/p>\n<p style=\"text-align: center;\"><em>With the help of Marius ANDRE<\/em><\/p>\n<p style=\"text-align: justify;\">[1] \u201cMagic Quadrant for Global Industrial IoT Platforms\u201d<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.gartner.com\/doc\/reprints?id=1-2BQFX3BJ&amp;ct=221116&amp;st=sb\">https:\/\/www.gartner.com\/doc\/reprints?id=1-2BQFX3BJ&amp;ct=221116&amp;st=sb<\/a><\/p>\n<p style=\"text-align: justify;\">[2] \u201cInternet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile\u201d<\/p>\n<p style=\"text-align: justify;\"><a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc5280\">https:\/\/www.rfc-editor.org\/rfc\/rfc5280<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Internet of Things (IoT) platforms enable the connection, management and monitoring of fleets of devices. The 3 cloud leaders, GCP, AWS and Azure each have their own offering, in a particularly fragmented sector, which sees many players competing. Azure, in&#8230;<\/p>\n","protected":false},"author":20,"featured_media":20226,"comment_status":"open","ping_status":"closed","sticky":true,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3922,3275],"tags":[3359,3181,3752],"coauthors":[780,4257,4256],"class_list":["post-20232","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-deep-dive-en","category-iot-consumer-goods-en","tag-azure-en","tag-iot-en","tag-rbac-en"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT - RiskInsight<\/title>\n<meta name=\"description\" content=\"Internet of Things (IoT) platforms enable the connection, management and monitoring of fleets of devices. The 3 cloud leaders, GCP, AWS and Azure each have their own offering, in a particularly fragmented sector, which sees many players competing.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"Internet of Things (IoT) platforms enable the connection, management and monitoring of fleets of devices. The 3 cloud leaders, GCP, AWS and Azure each have their own offering, in a particularly fragmented sector, which sees many players competing.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-07T13:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-12T16:46:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/joshua-sortino-LqKhnDzSF-8-unsplash-1-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1710\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Arnaud Soulli\u00e9, Paul Chopineau, Gauthier Vidal\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Arnaud Soulli\u00e9, Paul Chopineau, Gauthier Vidal\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/\"},\"author\":{\"name\":\"Arnaud Soulli\u00e9\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\"},\"headline\":\"Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT\",\"datePublished\":\"2023-04-07T13:00:00+00:00\",\"dateModified\":\"2023-04-12T16:46:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/\"},\"wordCount\":1892,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/joshua-sortino-LqKhnDzSF-8-unsplash-1-scaled.jpg\",\"keywords\":[\"Azure\",\"IoT\",\"RBAC\"],\"articleSection\":[\"Deep-dive\",\"IoT &amp; Consumer goods\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/\",\"name\":\"Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/joshua-sortino-LqKhnDzSF-8-unsplash-1-scaled.jpg\",\"datePublished\":\"2023-04-07T13:00:00+00:00\",\"dateModified\":\"2023-04-12T16:46:21+00:00\",\"description\":\"Internet of Things (IoT) platforms enable the connection, management and monitoring of fleets of devices. The 3 cloud leaders, GCP, AWS and Azure each have their own offering, in a particularly fragmented sector, which sees many players competing.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/joshua-sortino-LqKhnDzSF-8-unsplash-1-scaled.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/joshua-sortino-LqKhnDzSF-8-unsplash-1-scaled.jpg\",\"width\":2560,\"height\":1710},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79\",\"name\":\"Arnaud Soulli\u00e9\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT - RiskInsight","description":"Internet of Things (IoT) platforms enable the connection, management and monitoring of fleets of devices. The 3 cloud leaders, GCP, AWS and Azure each have their own offering, in a particularly fragmented sector, which sees many players competing.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/","og_locale":"en_US","og_type":"article","og_title":"Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT - RiskInsight","og_description":"Internet of Things (IoT) platforms enable the connection, management and monitoring of fleets of devices. The 3 cloud leaders, GCP, AWS and Azure each have their own offering, in a particularly fragmented sector, which sees many players competing.","og_url":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/","og_site_name":"RiskInsight","article_published_time":"2023-04-07T13:00:00+00:00","article_modified_time":"2023-04-12T16:46:21+00:00","og_image":[{"width":2560,"height":1710,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/joshua-sortino-LqKhnDzSF-8-unsplash-1-scaled.jpg","type":"image\/jpeg"}],"author":"Arnaud Soulli\u00e9, Paul Chopineau, Gauthier Vidal","twitter_misc":{"Written by":"Arnaud Soulli\u00e9, Paul Chopineau, Gauthier Vidal","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/"},"author":{"name":"Arnaud Soulli\u00e9","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79"},"headline":"Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT","datePublished":"2023-04-07T13:00:00+00:00","dateModified":"2023-04-12T16:46:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/"},"wordCount":1892,"commentCount":0,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/joshua-sortino-LqKhnDzSF-8-unsplash-1-scaled.jpg","keywords":["Azure","IoT","RBAC"],"articleSection":["Deep-dive","IoT &amp; Consumer goods"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/","url":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/","name":"Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/joshua-sortino-LqKhnDzSF-8-unsplash-1-scaled.jpg","datePublished":"2023-04-07T13:00:00+00:00","dateModified":"2023-04-12T16:46:21+00:00","description":"Internet of Things (IoT) platforms enable the connection, management and monitoring of fleets of devices. The 3 cloud leaders, GCP, AWS and Azure each have their own offering, in a particularly fragmented sector, which sees many players competing.","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/joshua-sortino-LqKhnDzSF-8-unsplash-1-scaled.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2023\/04\/joshua-sortino-LqKhnDzSF-8-unsplash-1-scaled.jpg","width":2560,"height":1710},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/2023\/04\/improving-the-security-of-your-iot-infrastructure-configuration-tips-and-best-practices-on-azure-iot\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Improving the security of your IoT infrastructure: configuration tips and best practices on Azure IoT"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/8ba5826fcf8223b1c6c350c1d1fffc79","name":"Arnaud Soulli\u00e9","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/arnaud-soullie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/20232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=20232"}],"version-history":[{"count":18,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/20232\/revisions"}],"predecessor-version":[{"id":20310,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/20232\/revisions\/20310"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/20226"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=20232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=20232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=20232"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=20232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}