What Makes Security Complex?

The IoT is diverse. It spans smart speakers, connected cameras, industrial sensors, water or energy meters, and even cars. It is also ever-changing. Innovators are constantly developing advanced technologies with new capabilities, and that inadvertently creates more opportunities for attack.

To protect your customers from the most basic threats, complex security functions have to be built into your device. That takes time and specialist expertise. Cryptography is an example of this. The data on your device must be secured. To do this, you need a cryptographic library and complex algorithms, and you have to ensure they are up to date. That can be challenging if you're not a security expert.

Today, security, to some extent, has been perceieved as a cost, rather than a value. Discussions are still happening around 'more expensive' products because they have security, however the conversations needs to switch to a risk perspective, rather than security. The use of any product of service carries a risk. Then, there are those with less risk, perhaps with an additional cost. If the risk is visible, governments, businesses and consumers are able to make informed choices when selecting them, considering the risk and impact when something goes wrong. In this sense, security functionality becomes a value, or a need, rather than a cost.

Security That Makes Business Sense

To shift the economics of security, we need to simplify it and ensure that building-in the right protection does not stifle innovation or increase time to market. This requires an industry-wide effort. For that reason, we have called on our partners across the ecosystem to use their knowledge and expertise to help us provide:

A framework for security that accelerates the process of designing and developing a secure device

Certified components with trusted implementations at the Root of Trust that you can build on to ensure your device is secure throughout

Standardized solutions from silicon and system software providers that enable you to access trusted functions within the chip and avoid the time-consuming and expensive development of complex security solutions

Independent, low-cost testing that helps you assure your customers that your device has been designed to industry-leading security standards

PSA Certified: An Industry-backed Security Framework and Assurance Program

We are bringing this to life through PSA Certified, a comprehensive framework and independent assurance scheme that reduces the cost, time and risk involved in securing your connected device.

The four-stage framework we have developed takes you step-by-step through the process of implementing the right level of security for your product. It provides the guidance and technical resources you need to do this quickly and easily, and it offers your access to a well-established ecosystem that has already developed certified and standardized components you can build on. This means you do not have to invest time and money into developing new and complex security solutions. They have already been designed in by industry leaders.

PSA Certified also includes a multi-level evaluation scheme, which helps you assure your customers that best practice has been followed and that security laws, regulations, and baseline requirements have been met. This helps you mitigate against the most common attacks and establishes a strong foundation for security across the industry. Certification is at a component level so the responsibility for security is spread more evenly across the ecosystem, instead of resting with the device manufacturer.

The PSA Certified 2021 Security Report


of tech decision-makers would be interested in industry collaboration and cross-market knowledge sharing regarding IoT security

The Benefits of a More Secure IoT

$1 trillion

the expected spending on IoT hardware and services by 2035 [2]


of companies think the economic potential of the Internet, and IoT, would be unleashed if we could build a more trustworthy digital economy [1]

A New Age of Opportunity

So far, we have demonstrated the impact of insecurity on our businesses and society but as many of the challenges described above can be addressed if we apply strong security principles, what happens when we get it right?

According to a report by professional services firm, Accenture, 84% of companies "think the economic potential of the Internet, and IoT, would be unleashed if we could build a more trustworthy digital economy."

If Arm's estimates are correct, in dollar terms, the opportunities could translate to expected spending on IoT hardware and services of $1 trillion a year by 2035 and a boost of at least 3% to global economic output.

PSA Certified has a mission to drive best practice security across the technology industry.

  • Reducing upfront security costs
  • Reducing risks in IoT-driven services
  • Reducing business risks across the value chain

Share this page

The PSA Certified name, PSA Certified logos, PSA Functional API Certified logo featured on this website are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. Other brands and names mentioned on this website may be the trademarks of their respective owners.

Copyright © 2021 Arm Limited (or its affiliates). All rights reserved.

Sign Up to Receive the Latest from PSA Certified