In Conversation With... The Experts
Reducing IoT Fragmentation and Complexity
The discrepancies between standards and frameworks for IoT solutions further complicate the product development process. After spending huge numbers of engineering hours developing a deep understanding of solutions, companies become tied into specific platforms and systems to avoid delayed market rollouts and the additional costs of building different product versions based on different systems.
Security, in particular, has seen huge effects from this type of fragmentation as complex security features add to engineering time and make security a complex process. Users are hesitant to embrace devices fully into their networks when there is a lack of security standardization and they struggle to identify which devices to trust.
Standardizing Security Features
Simplifying security adoption while maintaining stringent security features can be achieved by building on a common security foundation and a common Root of Trust with consistent security functions. When multiple operating systems can communicate effectively with this Root of Trust, through APIs, you have a standardized and accessible foundation of security across multiple devices.
Device manufacturers can use components that offer a consistent security base on which to build their product, with all applications leveraging the same security functions and without the burden of complex security development time and effort.
"A hardware Root of Trust essentially guarantees that the inner workings of your device are secure. The Root of Trust is primarily used in a secure boot process, which ensures when the processor boots that the code is authentic and hasn’t been modified – all things stem from that. Once the code is authenticated, the system can check security of other things in the system."
Mike Dow, Senior Product Manager for IoT Security, Silicon Labs
PSA Certified offers independent verification of the PSA Root of Trust (PSA-RoT) in the silicon and provides APIs that enable multiple operating systems to leverage the security functions within the PSA-RoT. With a fully functioning ecosystem of certified silicon and RTOS vendors at hand, device manufacturers can use standardized components to access built-in trusted functions.
“With PSA Certified, I know that out of the box, I have a very solid foot in the door to making a reasonably secure device, platform, or ecosystem if I’m basing it off something that is PSA Certified Level 1 or has the Functional API certification.”
Kevin Townsend, Senior Embedded Engineer, Linaro, & Zephyr Project member
Solutions based on standardized security components ease security communication across cloud vendors and to users and enterprises. Below we explore why a common language of security is so important to the future of the IoT.
Why Security Needs a Common Language
The layers of IoT security's complexity run deep. Differing regulatory baselines and standards often use different terminology, even though they share the same security goals. The lack of a common security language can cost developers time and money, and often creates an unstable foundation for building consumer trust. Developers can implement sound security measures, but with few visible standards or requirements, neither companies nor consumers have proof. This lack of consistency across the industry can lead to many challenges:
- A patchwork of companies offering slightly different security components and solutions, and communicating these in different ways
- Everyone has a different concept of 'secure' - how do you know the product or solution includes enough security?
- Lengthy and costly verification processes
- Lack of security expertise: as IoT devices scale, companies can't scale security engineering expertise
- Lack of assurance that the components and products you're using align to multiple regulations and are globally compliant
Delivering a Known Level of Security
To deliver a known level of security to customers, a single baseline of security must rise to the top. Your customers are assured that the device they're buying is secure, and developers won't have to scramble to meet the various security regulations in different countries. A common language is an efficient and cost-effective way forward that encourages increased adoption of IoT security.
Success means that everyone is talking the same language, understands what a good baseline of security looks like, and can clearly communicate additional security measures across the value chain.
"PSA Certified saves us a lot of time and money because it means everyone involved in the design, assembly, and implementation of our solution can work from the same security framework"..."Only the PSA Certified program provides detailed guidelines for the system architecture, not just the application layer. PSA is very organized across all layers and helps us avoid inefficient and lengthy development"
Suik Hwang, CEO, Security Platform Inc.
"Just 2 years ago, ZAYA was secure but when manufacturers asked for proof, we didn’t have any. Now we can just show them the PSA Certified accreditation, which proves we’ve been assessed by an independent authority"
Murak Cakmak, CEO and Founder, ZAYA
"PSA Certified is something that lets us qualify our statements and validates our security assertions... That is very powerful because as PSA gains traction, we're already ahead with industry-leading security our customers can trust.”
Anand Rangarajan, Product Marketing Manager, Microchip Technology
It's becoming increasingly clear that, in order to embrace the opportunities of digital transformation, trust will be key. With security being integral to trust, a holistic solution is needed that spans the whole industry.