In-brief: Internet of Things will break the traditional perimeter-based model for security, and article at Semiconductor Engineering declares. But are device makers ready to do what’s necessary to build a new generation of secure endpoints that can scale globally?
There’s an interesting round-up of some offline discussions of Internet of Things security over at the web site for Semiconductor Engineering. Many of these took place at conferences in and around the Bay Area, apparently. But it includes some interesting insights from decision makers in major IoT supply chain pillars including companies like AMD and NXP Semi (recently acquired by Qualcomm).
The long and short of this: security is going to need to go lower, deeper and be ubiquitous if the promises of the Internet of Things to be realized. As opposed to the older, feudal model of Internet security: in which islands of IT assets and data were protected by walls (network perimeters), the Internet of Things is going to resemble, much more, the open and borderless societies of the late 20th and early 21st centuries.
Quoting one expert at the firm Analog Devices, the article talks about the emergence of ‘connectivity centric’ computing. From the article:
“For IoT right now, we’re moving to a place where we’re going to get globally connected,” said Doug Gardner, chief technologist for the Security Technology Group of Analog Devices. “We’re moving from a space where we’re IT-centric to basically content-centric, so you kind of define perimeter as you try to protect things. If you really believe in the vision of IoT, you’re going to move to ‘connectivity-centric’, which means you have no more perimeter. It’s all open. You have machine-to-machine, you have interactions. You have no choice but to put security at your endpoint. You need that security to be based in a hardware root of trust.”Gardner noted.
If each endpoint is going to be its own island, security will have to move much lower in the stack to be able to span across devices of all different shapes, sizes and capabilities. There can be no expectation of an operating system or even hardware monoculture, like the one that grew up in the 1980s and 90s around Microsoft and Intel.
“If you really want us to scale across the trillions that people, the visionaries, are seeing, security has to be in hardware and it has to be in everything,” Tim Wilson, senior staff architect for the MCU32 business at Microchip Technology, is quoted as saying.
But that won’t be easy: manufacturers currently have few incentives to spend extra or delay projects to get security right. And, as things stand, consumers are clamoring for more secure connected stuff.
“One of the biggest hurdles we have is just getting people, even though there’s been so many hacks going on, to realize they really need security,” said Tim Wilson, senior staff architect for the MCU32 business at Microchip Technology. “Unfortunately, they need it in their refrigerator, because it’s tied to the Internet, and they need it to all these millions of devices shoving data to the cloud because that’s the biggest hold back on IoT. People aren’t secure with the data they’re sending and can’t trust that it will remain anonymous. We really kind of scared the sheriff.”
Check out the full article here: Semiconductor Engineering .:. Can Low-Power Devices Be Secure?