524,329 active members*
3,077 visitors online*
Register for free
Login Register
WIBU-SYSTEMS Blog

Perfection in Protection, Licensing, and Security

Securing Connected Devices: Considerations for Make or Buy

February 2016
02
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG
Securing Connected Devices: Considerations for Make or Buy

The new challenges presented by connected devices are causing developers to go back to basics and even rethink the term security and what it means in the IoT.

Security and the IoT are terms becoming intrinsically linked in the grand discussion of connected devices and their envisioned applications in virtually every aspect of our ecosystem, whether it be consumer wearables, medical devices, or industrial systems.

Ted Harrington, Executive Partner, Independent Security Evaluators, made this comment recently inIoT World News: "IoT is very much a double edged sword. After all, the more companies collect and store data – the more reason hackers have to target them. And the more objects we connect – the more openings we create for technological infiltration."

Harrington went on to note that he believed that security is not a development priority in the IoT industry today. "If you consider the types of security vulnerabilities that plague this industry, it clearly demonstrates the security is not built in.  If secure design principles were better integrated into product design, many of the fundamental flaws would disappear," he added.

This sentiment hasn’t been lost on connected device developers and the main reason why many organizations like the Industrial Internet Consortium are collaborating with industry leaders to develop security guidelines and best practices for IoT manufacturers. For some developers, the new challenges presented by connected devices are causing them to go back to basics and even rethink the term security and what it means in the IoT.

For example, Colin Walls, an embedded software technologist with Mentor Graphics said in an article in New Electronics: "I’m worried about use of the term ‘security’, because it can mean one of several things; all of which are important. For example, it can mean protecting data you’re transmitting that you don’t want people to see. It can also mean preventing people from getting into systems. Then there’s making systems safe. Safety and security are not the same thing; safety is protecting the world, while security is vice versa."

The new generation of embedded system developers are essentially in the same predicament that ISVs of traditional PC applications found themselves in years ago. Do they invest in acquiring the expertise in new technologies required to secure and protect connected devices or collaborate with outside security experts to help them build-in security by design – the classic Make or Buy dilemma. It’s a major consideration and a decision not easy to make. Let’s take a look at some of the factors involved in securing IoT devices:

Integration in devices and software

  • Device-specific licensing
  • Multi-platform support
  • End-to-end turnkey protection and licensing from product planning, development, operations and maintenance
  • Industrial-grade properties (small footprint)
  • Support for OPC UA
  • Secure boot

Upgrades and updates

  • Secure updates
  • Feature on demand licensing 

Licensing models

  • Models tailored to the IoT (i.e. pay per use license models)

License management, access rights, and certificates

  • Simple integration in all business processes, from development and production to sales and servicing
  • License management via the cloud, with 24/7 self-service capabilities, including license activation and returns, transfer to other devices, upgrades, license renewal or cancellation.

Scalable safeguards

  • Flexible pricing and service packages for different use cases
  • Complete hardware, software, and cloud-based solutions
  • Industrial-grade secure elements in common form factors

Protection

  • Data integrity
  • Proof of origin
  • Tamper protection
  • Protection against reverse engineering, copying, or cloning
  • Authentication
  • Access rights

If you would like to dig deeper into these many security considerations, I invite you to download Wibu-Systems’ whitepaper, Licensing and Security for the Internet of Things.

Blog Archiv

July 2020
June 2020
May 2020
April 2020
March 2020
February 2020
January 2020
November 2019
October 2019
September 2019
August 2019
July 2019
June 2019
May 2019
April 2019
March 2019
February 2019
January 2019
December 2018
November 2018
October 2018
September 2018
August 2018
July 2018
June 2018
May 2018
April 2018
March 2018
February 2018
January 2018
December 2017
November 2017
October 2017
September 2017
August 2017
July 2017
June 2017
May 2017
April 2017
March 2017
February 2017
January 2017
December 2016
October 2016
September 2016
July 2016
June 2016
May 2016
April 2016
March 2016
February 2016
January 2016