Security Can Differ Depending on Your Location, Application, and Other Variables
July 13, 2020
According to industry analysts, we could see one trillion IoT connections by the year 2035, with the transfer of more than 2 Zbytes of data just from consumer devices alone.
According to industry analysts, we could see one trillion IoT connections by the year 2035, with the transfer of more than 2 Zbytes of data just from consumer devices alone. Zettabytes was a new one for me. It comes after Exabyte, which follows Petabyte and Terabyte. Suffice to say, it’s a really big number.
With all that data marching around, it would appear to be a hacker’s playground. It’s not difficult to imagine that that a large number of those connections will not contain adequate security. The key here is—does your system contain adequate security?
While the answer should be a simple one—yes—we know from experience that that’s not necessarily the case. There are many variables in play here. One of those variables is that, depending on which region of the world your product will end up, the rules may be different. Some governing bodies are setting the rules for their regions, while others are not, choosing to take the lead from elsewhere.
The video, which features Hadyn Povey, CEO, Secure Thingz & GM, Embedded Security Solutions, explains the part about legislation better than I can.
Another consideration is that both the legislative issues and the technologies are evolving. Just because you’re on top of the regulations today, doesn’t mean you’re good for 2021 and beyond.
The IoT Security Foundation’s charter is to secure the IoT by composing and maintaining a comprehensive compliance framework of recommended steps for creating secure IoT products and services. That framework consists of a 13-step program that serves as a guide for developers. Most developers won’t follow all 13, but the more you can do, the more secure your system will be. For more information on how legislation issues are affecting security in connected devices and how that will evolve moving forward, check out the webinar, Dealing with Security-Related Legislation Issues.
Throw in the fact that the world has a shortage of security experts, and you have a bad mix. From the embedded developers’ perspective, security is a relatively new need when you look at mainstream systems. Not since the IoT started to connect all of our devices has there been such a need. As we’ve discovered, the bad guys can enter in places we never would have expected, like fish tanks and nanny cams.
The Embedded Developers’ DNA
A second reason for lack of security is that it’s still not in the DNA of an embedded developer to integrate the necessary security features. If you have to think “did I include security?” then there’s a chance you didn’t. And if it’s not included right from the beginning of the design, there are likely areas that are unprotected. That’s a risk you should not be willing to take, especially if you’re designing for something like industrial, medical, or automotive.
A tool such as IAR Systems’ C-Trust fixes that problem, especially if you are already a user of its popular Embedded Workbench. C-Trust integrates directly into Embedded Workbench, so adding security is almost as easy as checking off the appropriate boxes.
The bottom line is that, as a developer, security is your responsibility. I advise you to take it seriously.