High up on companies’ list is protecting their data, privacy, physical safety, and infrastructure. This is true across the board. No matter the industry, sector, or business, any enterprise looking to develop and deploy secure, connected devices has a similar list of concerns. Microsoft’s latest answer to this need for privacy and security in IoT (Internet of Things) connected devices, Azure Sphere, is now generally available, and the timing seems right on point.
Azure Sphere is Microsoft’s integrated security solution for IoT devices and equipment. It includes hardware, OS (operating system), and cloud components and aims to help enterprises safeguard their connected devices and, as a result, protect their customers and their own businesses. Features of Azure Sphere include multiple protection layers, automatic OTA (over-the-air) updates, error reporting, and flexible deployment options to help enterprises secure new and existing equipment and devices.
Microsoft has also published a whitepaper called The Seven Properties of Highly Secure Devices, which makes the case that the industry underestimates the need for security in every single connected device; none should fly under the radar, no matter how seemingly harmless or trivial. The reality is that in low-cost devices, security too often takes a back seat to pricing concerns. And while end users certainly appreciate the lowest possible prices for connected devices, they need to be educated so that they understand that cutting corners on security to drive prices down will only cost more in the long run.
Properties Microsoft highlights in its whitepaper include things like the idea that highly secure devices have a hardware-based root of trust, in which the hardware itself offers physical countermeasures against physical attacks and prevents reuse for unintended actions. The whitepaper also says highly secure devices have a small TCB (trust computing base), which minimizes the available attack surface. Highly secure devices also have defense in depth, meaning a device’s security should have multiple layers. Furthermore, highly secure devices provide compartmentalization to help contain a breach if it occurs; they use certificate-based authentication; they have renewable security; and they have failure reporting.
Today’s news headlines contain all kinds of warnings for anyone who is paying attention. Cybersecurity experts warn about new vulnerabilities in IoT devices in the 5G era. They warn about AI (artificial intelligence) and how AI technologies are playing a role for better and for worse in terms of privacy and security in our connected society. They also warn about how cybercriminals may start exploiting biometric authentication in consumer devices like smartphones. And just the other day, the U.S. government came out with a warning about a set of 12 cybersecurity vulnerabilities in IoT devices collectively called “SweynTooth Vulnerabilities.” The vulnerabilities are thought to affect a large number of smart home, wearable, and medical devices that leverage BLE (Bluetooth Low Energy) connectivity.
A war is being waged on our connected devices, and there is no end in sight to this struggle. As defenses get stronger, so do offensive techniques, and so continues the tug-of-war with cybercriminals. For enterprises leveraging the IoT, the safest way to ensure businesses can benefit from these devices and technologies without suffering undue risk is to follow advice like that outlined in Microsoft’s latest whitepaper on the principles of highly secure devices. Whether Azure Sphere is the solution that fits or not, what’s important is that companies consider security an integral part of their IoT strategies.