What Makes Security Complex?
The IoT is diverse. It spans smart speakers, connected cameras, industrial sensors, water or energy meters, and even cars. It is also ever-changing. Innovators are constantly developing advanced technologies with new capabilities, and that inadvertently creates more opportunities for attack.
To protect your customers from the most basic threats, complex security functions have to be built into your device. That takes time and specialist expertise. Cryptography is an example of this. The data on your device must be secured. To do this, you need a cryptographic library and complex algorithms, and you have to ensure they are up to date. That can be challenging if you're not a security expert.
Today, security, to some extent, has been perceieved as a cost, rather than a value. Discussions are still happening around 'more expensive' products because they have security, however the conversations needs to switch to a risk perspective, rather than security. The use of any product of service carries a risk. Then, there are those with less risk, perhaps with an additional cost. If the risk is visible, governments, businesses and consumers are able to make informed choices when selecting them, considering the risk and impact when something goes wrong. In this sense, security functionality becomes a value, or a need, rather than a cost.
Security That Makes Business Sense
To shift the economics of security, we need to simplify it and ensure that building-in the right protection does not stifle innovation or increase time to market. This requires an industry-wide effort. For that reason, we have called on our partners across the ecosystem to use their knowledge and expertise to help us provide:
A framework for security that accelerates the process of designing and developing a secure device
Certified components with trusted implementations at the Root of Trust that you can build on to ensure your device is secure throughout
Standardized solutions from silicon and system software providers that enable you to access trusted functions within the chip and avoid the time-consuming and expensive development of complex security solutions
Independent, low-cost testing that helps you assure your customers that your device has been designed to industry-leading security standards
PSA Certified: An Industry-backed Security Framework and Assurance Program
We are bringing this to life through PSA Certified, a comprehensive framework and independent assurance scheme that reduces the cost, time and risk involved in securing your connected device.
The four-stage framework we have developed takes you step-by-step through the process of implementing the right level of security for your product. It provides the guidance and technical resources you need to do this quickly and easily, and it offers your access to a well-established ecosystem that has already developed certified and standardized components you can build on. This means you do not have to invest time and money into developing new and complex security solutions. They have already been designed-in by industry leaders.
PSA Certified also includes a multi-level evaluation scheme, which helps you assure your customers that best practice has been followed and that security laws, regulations and baseline requirements have been met. This helps you mitigate against the most common attacks and establishes a strong foundation for security across the industry. Certification is at a component level so the responsibility for security is spread more evenly across the ecosystem, instead of resting with the device manufacturer.
The Benefits of a More Secure IoT
A New Age of Opportunity
So far, we have demonstrated the impact of insecurity on our businesses and society but as many of the challenges described above can be addressed if we apply strong security principles, what happens when we get it right?
According to a report by professional services firm, Accenture, 84% of companies "think the economic potential of the Internet, and IoT, would be unleashed if we could build a more trustworthy digital economy."
If Arm's estimates are correct, in dollar terms, the opportunities could translate to expected spending on IoT hardware and services of $1 trillion a year by 2035 and a boost of at least 3% to global economic output.