In Conversation With... The Experts

A Delicate Balance: Requirements and Risk

Before developers embed security into the product development process, the first question to ask is:

'How much security does my device need?'

At stake: the product development budget and the efficiency of the device.

Understanding Device Security Requirements

Subtle undertones of typical 'cost vs. innovation' tensions exist when you stake budget against efficiency. This is the moment when security, a key feature in the device, can truly differentiate a product and build trust in a consumer. To alleviate that tension, businesses must keep asking questions to find the right balance between the device requirements and risk by asking:

  • Does the device meet customer requirements?
  • Does the device fulfil the right performance and area requirements?
  • Am I creating a device that has sufficient security to protect the assets across the necessary applications?

Find the Right Balance with Threat Modeling

Threat modeling saves time and money, the process determines how robust security should be for the device and prevents overspending. At the same time, it protects customers and your business from risk.

You can apply the threat modeling methodology to answer the key questions above. The methodology includes:

Assets

Analyze the use case, identify assets to protect, define external entities.

Adversaries and Threats

Identify potential adversaries, the attack surface and threats.

Security Objectives

Identify high-level security objectives to address threats.

Security Requirements

Define security requirements for each security objective.

Consolidation

Consolidate all information into a threats summary table.

Making Security Visible with Threat Modeling

The threat modeling methodology visualizes the process that validates the need for a security level in a device - it takes the guesswork out of security and begins to create a security audit.

Visibility can help a business achieve key regulatory goals like validation and verification. Once you have those, it's easier to confirm you have the right balance of security required for your device and the right level of trust to assure customers.

The end goal of visibility: end users can look at a product they're purchasing and clearly understand what kind of security the device they're installing or purchasing offers.


"Security is not an afterthought, and there is no one-size-fits-all approach. Built-in security is fundamental to our products, so our customers can get the security level that’s appropriate for their use cases at a market-competitive price."

Gowri Chindalore, Head of Technology and Business Strategy for Edge Processing at NXP

Learn more about the threat modeling process and access editable example threat models to begin your security analysis today.

01

Regulatory Realities

Navigate disparate requirements and ensuring compliance across the value chain.

02

The Cost of Insecurity

Cybercrime is anticipated to cost $6 trillion USD by 2021. How can you protect your investments?

03

Balancing Security Risks

How much security does your device need? Tackle the cost vs. innovation debate.

04

Reducing IoT Fragmentation

Overcome discrepancies between standards and frameworks for IoT security solutions.

05 A Holistic Solution

Embrace innovation and digital transformation with a holistic security framework

Share this page