sb-nz logo
Story image

Securing IoT top priority for enterprises, research says

Securing Internet of Things devices is a crucial goal for every enterprise, according to global tech market advisory firm, ABI Research.

It says integrating security into IoT projects may not be an easy feat, but is an increasingly urgent necessity. 

“With an installed base of 44 billion connected devices projected for 2023, the amount of data and information generated and shared will reach zettabytes of data,” says Michela Menting, digital security research director at ABI Research.

“Much of that data will be sensitive, whether about an individuals privacy or confidential business information. As such, it presents a lucrative opportunity for threat actors, as data has become a highly commoditised asset in modern societies,” she explains.

“Add to that the potential of harnessing unprotected IoT devices for botnets, denial-of-service attacks, or even holding them hostage to ransomware, the imperative for security cannot be ignored.”

Menting says several platforms and tools have emerged in the market recently, which can facilitate security implementation, even in the most basic IoT devices. 

“From a hardware perspective, many semiconductor manufacturers, such as STMicroelectronics, NXP, Renesas, Microchip, Cypress, Nuvoton, MediaTek, RedPine, and Maxim Integrated, are offering secure microcontrollers that can service general-purpose IoT applications from smart home appliances to industrial control systems,” she explains.

“Boosted by Arms Cortex M4 (and soon M23 and M33 cores), they can enable a host of secure functionalities, including security co-processors and cryptographic accelerators, secure storage for keys and certificates, secure execution environments, and root of trust functionalities.”

But beyond that, Menting says these secure microcontrollers come prepackaged with supporting software development tools that can enable developers to leverage these hardware features and deploy secure services, such as key provisioning and onboarding to a cloud platform, as well as lifecycle management (e.g., secure over-the-air software updates).

“In a bid to facilitate secure IoT deployments, the semiconductors vendors offer a wide breadth of software development platforms, from their own proprietary solutions but also focusing on interoperability and compatibility with third-party software and connectivity tools (such as those provided by Segger, Eclipse, Visual Studio, IAR Embedded Workbench, IDE Atmel Studio, Modbus Toolbox, Arm Keil & Pelion, Secure Thingz Deploy Architecture Azure Sphere, AWS & Google Cloud IoT Core, among many others),” she says.

“The aim is to facilitate the use of secure hardware by providing secure software development and service connectivity tools that can easily allow developers to onboard and securely manage their devices,” says Menting.

“Developing and managing secure IoT deployments is no longer the remit of security professionals but is a capability that is quickly becoming available to developers of all levels.

“Enterprises looking to deploy IoT can now more easily engage in securing them, in a more cost-effective manner that can enable faster time-to-market,” she says.

“End-to-end IoT security is within reach for enterprises large and small.”
 

Story image
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
Story image
Sophos Rapid Response puts out the ransomware fire
“Attackers are using a range of techniques and whichever defence has a weakness is how they get in. When one technique fails they move on to the next, until they find a weak spot."More
Story image
How the editorial team works at Techday: Our tips for you
Preparing your releases in a particular way will not only make our lives easier, but improve the chances of your lead being picked among the masses.More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Red Hat to acquire Kubernetes-native security provider StackRox
Red Hat will further expand its security offering, adding StackRox's complementary capabilities to strengthen integrated security across its open hybrid cloud portfolio.More
Story image
BackupAssist partners with Wasabi for greater cyber-resilience
This partnership provides customers with an up to 80% less expensive solution that is faster than the competition for achieving enterprise-grade cyber-resilience, the company states. More