Solving IoT device security at scale through standards

%3CLINGO-SUB%20id%3D%22lingo-sub-1861987%22%20slang%3D%22en-US%22%3ESolving%20IoT%20device%20security%20at%20scale%20through%20standards%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1861987%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EEdge%20Compute%20Node%20protection%20profile%20(ECN%20PP)%E2%80%94now%20available%E2%80%94guides%20you%20to%20engineer%2C%20claim%2C%20evaluate%2C%20and%20consume%20device%20security%20for%20IoT.%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EInternet%20of%20Things%20(IoT)%20solution%20builders%20these%20days%20are%20more%20likely%20to%20deploy%20IoT%20solutions%20with%20unsecured%20devices%20because%20they%20cannot%20verify%20device%20security%20claims%20from%20device%20makers.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESolution%20builders%20could%20create%20secured%20devices%20themselves%2C%20however%20they%20don%E2%80%99t%20because%20they%20either%20lack%20domain%20expertise%20or%20simply%20prefer%20to%20buy%20devices%20off-the-shelf.%20Device%20makers%20possess%20the%20requisite%20expertise%20to%20secure%20devices%2C%20but%20lack%20ability%20to%20convey%20details.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20example%2C%20language%20constructs%20such%20as%20conveying%20computation%2C%20storage%2C%20and%20power%20profiles%20of%20an%20Industrial%20PC%20(IPC)%2C%20are%20simply%20not%20available%20for%20security.%20Device%20makers%20therefore%20see%20no%20motivation%20to%20invest%20in%20securing%20devices%20if%20they%20can%E2%80%99t%20claim%20the%20value%E2%80%94hence%20the%20current%20stalemate.%20Our%20studies%20and%20observations%20show%20this%20stalemate%20exists%20for%20two%20reasons%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ELack%20of%20standards%20guiding%20how%20to%20holistically%20engineer%20and%20claim%20device%20security.%3C%2FLI%3E%0A%3CLI%3ELack%20of%20standards%20guiding%20how%20to%20consume%20and%20verify%20device%20security%20claims.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EGiven%20IoT%20globally%20connect%20solutions%2C%20supply%20chains%2C%20and%20interests%20irrespective%20of%20company%2C%20geography%2C%20or%20governmental%20affiliations%2C%20effectively%20solving%20the%20stalemate%20also%20requires%20global%20openness.%20We%20undertook%20this%20challenge%20and%20can%20report%20significant%20progress.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fblog%2Fsolving-iot-device-security-at-scale-through-standards%2F%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CSTRONG%3EContinue%20reading%20here%3C%2FSTRONG%3E%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1861987%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIoT%20Devices%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIoT%20security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

Edge Compute Node protection profile (ECN PP)—now available—guides you to engineer, claim, evaluate, and consume device security for IoT.

 

Internet of Things (IoT) solution builders these days are more likely to deploy IoT solutions with unsecured devices because they cannot verify device security claims from device makers.

 

Solution builders could create secured devices themselves, however they don’t because they either lack domain expertise or simply prefer to buy devices off-the-shelf. Device makers possess the requisite expertise to secure devices, but lack ability to convey details.

 

For example, language constructs such as conveying computation, storage, and power profiles of an Industrial PC (IPC), are simply not available for security. Device makers therefore see no motivation to invest in securing devices if they can’t claim the value—hence the current stalemate. Our studies and observations show this stalemate exists for two reasons:

 

  • Lack of standards guiding how to holistically engineer and claim device security.
  • Lack of standards guiding how to consume and verify device security claims.

 

Given IoT globally connect solutions, supply chains, and interests irrespective of company, geography, or governmental affiliations, effectively solving the stalemate also requires global openness. We undertook this challenge and can report significant progress.

 

Continue reading here

0 Replies