In the embedded industry, security has become the main concern, and for good reasons. You want your product to be a success, but as its popularity grows, so does the interest from the bad guys. Any weakness can, and will, be exploited to steal your IP and reengineer your product, either in manufacturing or at the user site. In addition, your third-party manufacturer may run unsolicited production batches and steal your profit as well as potentially hurt your brand or customers. However unfair it seems, the reality is that system compromises are a fact of life, and even minor mistakes can lead to major consequences.
Only 4 percent of IoT devices are secure (ABI Research, IoT Security - from Design to Life Cycle Management, 2018). That means that a staggering 96 percent of shipped IoT products can be tampered with, hacked or cloned.
At the same time, a report by Bain & Company, Inc (Cybersecurity Is the Key to Unlocking Demand in the Internet of Things, 2018) concludes that although the IoT continues to grow at a fast pace, the main barrier hindering the adoption of IoT devices is concerns about security.
We need to do better. But how? Well, we actually have a good grip on that. The starting point is in the device, the hardware itself. The only way to achieve robust security is with a Root of Trust, a security primitive capable of performing services such as authentication and attestation by providing a trusted computing base that holds private keys, product certificates, and secure boot functionality.
So what’s stopping us? Despite the knowledge of risks, security considerations can be hard to quantify and is often overshined by the need for shorter time-to-market and cost constraints. Security is often bolted on at the end of development, simply because that is when we realize we need it and that is when we have set the security requirements based on the way the product turned out. However, injecting security into an existing product can be costly and hard. And even worse, it lacks the hardware factor, making it impossible to implement a Root of Trust.
Even for those with the best of intentions, security hasn’t been easy. Establishing a Root of Trust from start has not been a straight-forward task, and the supply of secure microcontrollers and software solutions have been limited, to say the least.
But, all of this is about to change. A paradigm shift is here, and the processor manufacturers are responding with new secure hardware offerings. Still, you will need the right software to leverage the hardware capabilities. That’s why we, IAR Systems, the world’s leading development tools supplier, and Secure Thingz, the domain experts in security, have joined forces to deliver on our vision of simple and scalable IoT security, from development to deployment, creating workflows where security is included from start.
Our vision for delivering a secure future for the IoT is based on three fundamental beliefs:
Time to act is now, and both our companies are currently working hard on delivering on this vision. Our collaboration will provide our customers with completely new possibilities to create development workflows where security is included from start, and enable full IP protection with robust security from development to deployment. In addition, users will be able to achieve enhanced device identity management and ensure the trust that underpin Big Data analytics.
We are on a mission to establish trust as part of business as usual, and we have a clear view of how to get there. Join us in building a secure and sustainable future for the IoT!
Stefan Skarin, Business leader, Tech nerd, and CEO of IAR Systems
Haydn Povey, IoT Security expert, Evangelist, and CEO of Secure Thingz