Developing IoT strategies with a security-by-design framework is essential for creating robust IoT solutions able to respond to a growing and changing security threat landscape. Approaches to that can differ and there is no one-size-fits-all solution. The different use cases drive the choices in terms of security features. Robin Duke-Woolley, the chief executive of Beecham Research, discusses this with Cristina de Lera, the head of Infrastructure and Device Security at Infineon Technologies. Infineon proposes a hardware-based approach to capitalise in full on IoT opportunities as strong, tamperresistant protection is needed, which cannot be provided by software alone.
Robin Duke-Woolley (RDW): Why is security such an important element in the development of an IoT strategy? What are the challenges in including security in IoT strategy development?
Cristina de Lera (CdL): IoT is here now and it will add significant value to the global economy. According to a study conducted by the World Economic Forum and Accenture, the Industrial IoT is forecast to add US$ 14 trillion to the global economy by 2030, according to a joint World Economic Forum and Accenture study, titled ‘Digital Transformation of Industries: Telecommunications, 2016’. That means IoT will impact all areas of economies and society. The benefits are potentially enormous, but the security threats increase exponentially. An IoT solution is an integration of components, from devices to applications going through platforms, all subject to potential breaches. Therefore, it becomes essential to develop an IoT strategy with a security framework firmly in mind. However, each IoT strategy is defined by its own applications, business objectives, financial constraints and security requirements. In addition, different market sectors face a different balance of risks, industry-specific security needs, and level of trust requirements. This means that there is no single approach to design, develop and implement security in all IoT applications. Security must be thought of at the beginning of a project and supported by a security-by-design approach.
RDW: To what extent do IoT devices have such specific and diverse characteristics that security solutions should be optimised to each IoT use case?
CdL: At Infineon, we believe that IoT devices usually have four unique characteristics that warrant security solutions being specially designed and optimised for their use cases. First, many IoT devices are simple objects such as sensors with one or a handful of functions. In these simple devices, the microcontroller (MCU) usually has a limited computing capability and physical space. These constraints in turn restrict the security support that the MCU can offer. Secondly, many IoT devices operate powered by batteries. In this case power management functions are tremendously important to assure not to shrink the effective lifespan of the IoT device and thus failing to maximise the benefits of using IoT technologies. Thirdly, security solutions optimised for IoT devices must be able to support embedded Linux, MCU RTOS and bare metal operation without an OS running on top of it. Finally, IoT devices vary in feature sets; from simple movement sensors to […]