Edge Secured-core: Azure Certified IoT devices with built-in security

Published 03-02-2021 06:00 AM
Microsoft

Edge computing gives customers the ability to move cloud-like workloads out of the data center to the very places where data is collected, delivering real-time intelligence and solving intermittent connectivity issues. Yet as the number of devices making up IoT increases, so do the IoT security challenges that companies must address.

 

According to the Palo Alto Networks Unit 42 research team, more than half of IoT devices are vulnerable to medium- or high-severity attacks. In addition to this increase in existing IoT devices vulnerable to serious threats, companies must deal with a lack of expertise and familiarity with security standards as well as complex regulations like the IoT Cybersecurity Improvement Act of 2020.

 

In keeping with the Microsoft end-to-end security promise and our belief that every IoT device should be secured by design, we shared during Microsoft Ignite that Edge Secured-core certification is now available as part of the Azure Certified Device program. Below, I’ll share how Edge Secured-core addresses vulnerabilities and helps enterprise customers, device manufacturers, and solution builders accelerate the development and deployment of secure, scalable IoT solutions.

 

Edge Secured-core devices meet additional security requirements

Edge Secured-core is an incremental certification in the Azure Certified Device program for IoT devices running a full operating system, such as Linux or Windows 10 IoT. Edge Secured-core certified devices meet additional security requirements around device identity, secure boot, operating system hardening, device updates, data protection, and vulnerability disclosures; they also must include a built-in security agent and security by default.

 

Building on the expertise Microsoft developed around Secured-core for commercial Windows 10 PCs, Edge Secured-core takes a similar approach for IoT devices. This certification can be used to validate that certified devices include specific security hardware technology, have an operating system with built-in security, and use IoT services that continually monitor for threats on the device.

 

[Figure: Edge Secured-core diagram]

Edge Secured-core drives scalable security

Through the use of Edge Secured-core, companies can validate that IoT devices are built with a foundation of security and can be deployed seamlessly and securely. It also provides enterprises and solution builders with the confidence that the devices they’re purchasing deliver the following security promises:

 

  • Hardware-based device identity
  • Capable of enforcing system integrity
  • Stays up to date and is remotely manageable
  • Provides data-at-rest protection
  • Provides data-in-transit protection
  • Built-in security agent and hardening

Here are a few specific scenarios where you can see the added value for Edge Secured-core devices compared to devices without it.

 

| Scenario | Device without Edge Secured-core | Edge Secured-core device |
| --- | --- | --- |
| Six months after purchasing the device, there’s a vulnerability. The device receives an update and the vulnerability is fixed. | At the discretion of the device builder to update the device. | Required to supply device updates for a period of at least 60 months from the date of submission. |
| A built-in security product that monitors the device for security threats such as ransomware. | At the discretion of the device builder to update the device. | Azure Defender for IoT is built in. |
| Protect user data at rest and in transit with modern protocols and algorithms. | At the discretion of the device builder to update the device. | The device must support modern protocols & algorithms to protect data at rest and in transit. |
| Device identity is rooted in hardware. | At the discretion of the device builder to update the device. | The device must use modern TPM and enable Secure boot. |

 

Overall, Edge Secured-core helps companies securely manage and update devices—from pushing out device updates to fixing any identified vulnerabilities and protecting user data at rest or in transit, to featuring built-in security that helps monitor the device for security threats.

 

Learn more about Edge Secured-core certification

Learn more about this announcement and others during Microsoft Ignite (March 2-4) and during embedded world (March 1-5). To get started with Edge Secured-core certification, browse the following resources:

 

Last update: Mar 03 2021 12:03 PM