ODMs and OEMs must prioritize IoT security:

“Security is just as necessary as your device power supply”

In this podcast, David is joined by Dr. Juan Nogueira, Senior Director of Connectivity Center of Excellence, from worldwide ODM, Flex. They have a fascinating discussion about how Flex approaches security and why there is always space in the bill of materials for security. They also talk about how ODMs are not only creating IoT but also embracing IoT – it’s one not to miss!

Epsiode Featuring

Dr. Juan Nogueira

Senior Director of Connectivity Center of Excellence, Flex.

David Maidment

Director, Secure Device Ecosystem, Arm

We should not be saying that security is adding another cost on the BoM – it shouldn’t be considered like that. It should be something that is necessary, like the power supply, you need to power the device and you need to have security as well.

Episode Notes

Key talking points in this episode:

  • Introduction to Flex and their role in the connected devices industry. [01:03]
  • Juan's role in Flex, offering connectivity solutions. [04:10]
  • Is security a growing concern with Flex’s customers? The concern is growing but it’s not always well understood. [05:15]
  • Using the example of the construction industry, it’s easy to overlook why security is truly important in this use case. [5:40]
  • We need to think beyond security only being for “complex systems” with high-value assets, we need to consider the business impact when everyday operations are interrupted. Time is money! [06:28]
  • The business cost of failure when things go wrong - A modest device performing a modest activity can have a huge impact, at scale, the relationship between the devices and the business impact must be realized. [07:56]
  • We often have to educate partners on the importance of security – take a car as an example, you don’t ask the dealer “is this car secure?” you just assume that it is. Sadly, you cannot just assume things are secure in IoT. [8:50]
  • Flex's proactive approach showing their customers that security is important, it needs to be considered and built-in at the beginning. It’s important to demonstrate security credentials with certification programs like PSA Certified as it adds credibility to the investment in security and means they can demonstrate best practices with our customers. [09:19]
  • “Security is not for only if you have a nuclear plant” [09:52]
  • Discussing the PSA Certified 2021 Security Report and the feedback that cost is still an issue for OEMs [10:20]
  • The cost of security is still the main concern for customers, Flex helps customers in this area by building-in security at the beginning and then helping customers to adopt security into their products – especially in cases where they cannot afford big security teams. [11:28]
  • “Security isn’t a traditional feature that you can monetize” is a wrong concept. There is always room in the Bill of Materials (BOM) to compensate for the additional cost of security, it’s just as necessary as your power supply. [13:15]
  • Fragmentation of regions and markets for product security, your target market affects how you build your product. [15:10]
  • All markets must consider security, the high-impact industries are leading the way: automotive, industrial, medical. Especially as the cost of failure is higher than in other markets. [16:28]
  • Relationship between IoT, security, and machine learning/artificial intelligence in the edge. Moving intelligence from the cloud to the edge will change everything about the way we design products. [18:11]
  • Flex is not just creating IoT but is also embracing IoT so that they can benefit from AI and digital transformation. This brings excitement but also brings opportunities for security breaches. [20:10]
  • The opportunities for production lines, and then reducing the risk in manufacturing (things like downtime of broken machines). Plus, the challenge of technical debt/retrofitting existing machinery, so that those machines can benefit from digital transformation too. [21:50]
  • It’s another example of an area where you think security might not matter, but of course, it’s incredibly relevant. [23:45]
  • What will the world look like in five years’ time? The IoT landscape will be well established and will feel like “everyday normal.” 5G will be deployed in both public and private networks. [24:10]
  • Juan’s advice for device security implementations now to secure tomorrow. [26:58]

Useful Links

What is PSA Certified?

Blog

PSA Certified Partners

Copyright © 2021 Arm Limited (or its affiliates). All rights reserved.