ioXt Alliance expands Certification to Mobile and VPN Security
The ioXt Alliance, the Global Standard for IoT security, today announced that it is expanding its ioXt Compliance Program with a new mobile application profile with added requirements for virtual private network (VPN) applications.
Defined collaboratively by technology companies such as Google and Amazon, in partnership with security labs, NowSecure, NCC Group, DEKRA, Onward Security and 7layers, and aligned with the initiatives set forth by VPN Trust Initiative, these new security standards for the mobile app and VPN markets will bring transparency and visibility to consumer and enterprise buyers, to advance security in the IoT industry as a whole.
Expanding the ioXt Certification Program into the mobile application platform includes rigorous testing at scale by identifying and mitigating potential security risks. This initiative, led by mobile security pioneer NowSecure, provides automatic scans of all applications submitted through the Certification Portal.
“We are pleased to partner with the ioXt Alliance to bring a certification standard to the industry for IoT-connected mobile applications,” said Alan Snyder, CEO of NowSecure. “The deep experience of this group of leading experts in mobile and IoT security and established industry standards like the OWASP MASVS has created a strong foundation for this new ioXt mobile app standard and certification program. With NowSecure as an ioXt Authorized Lab and automated security testing software provider, we are able to speed vendor certification through our fast, high quality, low cost compliance program and ultimately protect IoT-connected mobile app users.”
Certification through the ioXt Alliance is a broad effort from the entire industry. To make the internet a safe place for all and to preserve the reputation of VPNs ensures users can safely avoid risks and enjoy greater trust, transparency, and security. Critical to this mission is the digital safety consortium, VPN Trust Initiative (VTI) and the standards they’ve created and adapted for the ioXt Alliance’s profile.
“VPNs are central to internet privacy, security, and rights, but the members of the VTI know well that we can’t provide those protections without trust and transparency. That’s why we’re so excited to be involved in launching the expansion of the ioXt Compliance Program to include VPN services,” said Harold Li, Chair of the VPN Trust Initiative and VP of ExpressVPN. “This Program will give consumers more control and confidence in choosing solutions for protecting themselves online.”
As part of its efforts to increase the level of security in their products, Afero, Comcast, ExpressVPN, Leviton, NordVPN, OpenVPN Community, McAfee, Private Internet Access and VPN Private have partnered with the ioXt Alliance to test and certify several mobile applications and VPN platforms. Google has committed even further by certifying Google One, the first white box lab tested product to receive ioXt certification.
The Alliance’s certification Program is founded on eight core pledge principles that define product security, product upgradability and consumer transparency. These principles map back to global security regulations and provide a customizable method for addressing specific market segmentations, local regulations, and channel requirements to provide reasonable security. Devices in the smart home, smart building, connected cellular and mobile application sectors that meet or exceed the requirements in their assigned product category will receive the ioXt SmartCert label.
Applications certified by the ioXt Alliance include:
- IoT Controller Applications
- IoT Authenticator
Joel Scambray, Global Head of Data & Application Security Services at NCC Group, said: “NCC Group is honoured to have qualified as an Authorized Lab for the new ioXt Mobile App Profile. ioXt and its Members devoted significant effort to collaboratively develop a global standard for mobile application security, with input from top experts and aligned with existing standards like OWASP MASVS. The resulting Profile includes a relevant, actionable, and easily understandable set of test cases for both app developers and their end users. We look forward to performing more assessments and continuing to assist ioXt’s mission to set baseline security requirements for a safer and more secure IoT world.”
“As we continue to be more connected than ever, privacy concerns have remained in the spotlight making VPN and mobile app security increasingly important to consumers, developers and other relevant stakeholders,” said Brad Ree, CTO of the ioXt Alliance. “With these new profiles, we are working with industry experts and leading organizations to make security standards scalable and adoptable across VPNs, and mobile apps to ensure consumer confidence and transparency as well as adequate end-user protection.”