English
English
简体中文
Register
Developer Platform
Solutions
Industry
Empower brands to leverage smart hotel scenarios
Connect lights to create value on a large scale
Streamline maintenance and delight your residents
Provide a seamless scenario experience from home environment to community environment
Build a secure and reliable private smart platform easily with a rich hardware ecosystem
Delivers comprehensive AI Service and AI Copilot development plan for your business
Various perfected and cost-effective solutions quickly build your smart products
Developers
Connect with like-minded developers and experts
Explore what the world’s leading businesses have achieved with the Tuya Developer Platform
Quickly obtain and experience excellent developer case products
Services & Support
Partners
Stand out as Tuya's smart service provider and dedicate to helping more and more developers build smart products, effortlessly
Solve smart products interconnect label solutions
Bring the business values of the smart solution to customers
Promote the development of artificial intelligence industry
Security and Compliance
Strictly comply with security standards and industry requirements
Join us to create and maintain a healthy smart ecosystem
Support
FAQs on smart product development
7x24 one-to-one customer services
Technical guidance, fault repair, and problem solving
Company
Global Cloud Platform Service Provider
Discover the story of Tuya
Press releases and announcements
Submit a request to speak with our experts
Home>Tuya News>Tuya Case Studies Commended by Global Cybersecurity Leaders in White Paper
Tuya Case Studies Commended by Global Cybersecurity Leaders in White Paper
Jul 15, 2022

Tuya Smart (NYSE: TUYA, HKEX: 2391), a global IoT development platform service provider, was named as an exemplar of cybersecurity best-practice in the 2022 Global IoT Security White Paper.

The White Paper applauds Tuya Smart for its holistic approach to cybersecurity leadership; specifically for acquiring international third-party security certifications, establishing the Tuya Security Team, creating secure and independent data storage centers, and developing innovative security products in-house: a security-operation platform solution designed to help developers eliminate security risks, Tuya Sage, and the first IoT module of its kind with a built-in secure element (SE) and Common Criteria (CC) EAL6+ certificate, WBR3N.

The 2022 Global IoT Security White Paper was jointly prepared by the Research Center for Cyberspace International Governance (“RCGCG”) and the global standard for IoT security, ioXt Alliance. The White Paper was written with input from scholars in cybersecurity and Sino-U.S. technology at the Stimson Center, Albright Stonebridge Group, Stanford University’s Cyber Policy Center, Yale Law School, MIT Computer Science and Artificial Intelligence Center, and more. It is the first prominent white paper to focus on global IoT cybersecurity and includes case studies and best practices from global IoT leaders and 12 suggested initiatives to strengthen global IoT security.

To view the full 2022 Global IoT Security White Paper, please visit: https://www.ioxtalliance.org/content-and-resources

Expert in-house InfoSec team, numerous third-party certifications

The White Paper states that enterprises should focus on enhancing cybersecurity, assemble security teams, improve information-security systems, strengthen corporate-compliance capacity and eliminate IoT system security risks by perfecting management models, processes, tools and platforms.

The White Paper research group commended Tuya Smart for building an in-house security team and for partnering with top international third-party institutions. The Company’s in-house information-security team secures its data from cradle to grave, safeguarding the software development life cycle (SDLC). The information-security team creates security classification standards for smart hardware devices, compiles security-test cases to ensure the defense of the technology, and protects the code of the firm’s software during the development phase.

Cooperating with top international third-party institutions in security assessment and certification is a best practice in the global IoT industry. Tuya Smart has met or surpassed most global information security standards. This includes an endorsement from the well-known international organization, Information Security Organization (“ISO”) certification of SGS, BSI's ISO27001 standard for information security system, ISO27017 standard for cloud security management system, ISO27701 standard for cloud platform privacy and security, and the Connectivity Standards Alliance (“CSA”) STAR cloud security certification. The Company is a recipient of the TrustArc's Enterprise Privacy Certificate (EPC) and regularly partners with Rapid7, wizlynx group, ScienceSoft, Chaitin Tech, DAS-Security, and UnderDefense to test Tuya's information security capacity with professional penetration testing.

IoT enterprises can ensure their products meet fundamental international safety standards by submitting relevant certificates. When it comes to product safety standards, Tuya Smart has passed TÜV SÜD's EN 303645 and NIST IR 8259A certifications. In 2021, Tuya announced a partnership with ioXt Alliance to improve hardware developer security and launched a certified components program.

" ioXt Alliance is thrilled to cooperate with Tuya to increase IoT security adoption. With a global leader in IoT like Tuya wrapping ioXt’s Certified Components Program into its platform, Tuya and ioXt can make devices more connected and smarter,” said Craig Miller, Director of Intellectual Property at ioXt. “With the assurance of the ioXt security certificate, Tuya ecosystem members and customers can enjoy the highest level of IoT services and security,” concluded Miller.

Secure and independent data centers

The White Paper noted Tuya’s security and quality assurance across global data centers. Tuya owns six data centers that provide speed and stability for customers around the world. Each data center operates independently. Concerning regional compliance, Tuya Smart has passed Ernst & Young's SOC 2 Audit as well as TrustArc's GDPR and CCPA's regional compliance validation.

While Tuya neither directly faces consumers nor stores consumer-end data, one of its core missions is to protect businesses’ customer data and provide secure systems to store user data. Tuya has strict internal regulations, a clear access-control strategy and a robust technological architecture.

Initiatives to safeguard the global IoT industry

To accelerate the construction of IoT security systems and improve the governance level of IoT security, the White Paper proposes 12 relevant measures to enhance public confidence, advance governance efficiency, encourage the innovation of IoT enterprises, and deepen the development of the global digital economy with IoT. Some of the key measures highlighted in the White Paper are below:

With siloed and fractionalized IoT ecosystems, countries and transnational IoT enterprises should embrace global cooperation, develop mutual trust across the cybersecurity sector and work to remove obstacles that are stifling mutual confidence.

Building a safe, secure and robust IoT ecological system is crucial for its long term growth and sustainability. Relevant parties should give full play to the role of third-party testing and certification institutions, prioritize suppliers with cybersecurity-protection capacity, and form a zero-trust security model IoT supply chain, to elevate security-protection capacity and to provide users with security commitments on products and services.

Weak consumer awareness paired with vulnerabilities on connected consumer devices poses a large threat to the industry. According to a December 2020 study on corporate IoT devices from Zscaler, a leader in cloud security, 76% of surveyed devices were still communicating on unencrypted plain text channels. Companies and organizations in the IoT industry should increase cybersecurity knowledge through public awareness campaigns and training, so that users can fully understand cybersecurity risk and operate IoT devices in a safe and responsible way. Through cooperation at all levels and with leadership from IoT enterprises, the industry can make headway in effectively protecting personal privacy and data security.

Got any questions? I'm happy to help!