End-to-end security, going from the Edge of the IoT to the Cloud, is not something you hear a lot about. Why? Because it’s hard to implement. Securing the individual pieces is far easier, but then you’re left to connect those sometimes incongruent pieces.
Some industry pundits will tell you that security is a hardware issue, while others will claim that it needs to be solved in software. In reality, it’s both. No matter how secure your hardware is, software vulnerabilities will result in a breach, eventually. And the same is true for the opposite scenario.
One combination of vendors that has taken up the end-to-end challenge is Avnet and Microsoft. Microsoft has the software security expertise and chose Avnet to be its exclusive partner on the hardware side. Microsoft’s Azure platform has the unique ability to unite the security chain through a single platform, handling Edge to Cloud.
From the software side, Microsoft claims that there are seven critical properties that must be secured, which all fall under the purview of the company’s Azure Cloud. They are:
- the hardware root of trust, which is formed through unforgeable cryptographic keys generated and protected by hardware
- defense in depth, enabled by using multiple mitigations of countermeasures applied against each threat
- a small trusted computing base, which results in private keys that are stored in a hardware-protected vault and are inaccessible to the software
- dynamic compartments, or hardware-enforced barriers implemented between software components that will prevent a breach in one compartment from propagating to other compartments
- signed certificate-based authentication, which is proven by an unforgeable cryptographic key to ensure the device identity and authenticity
- failure reporting means that any software failure, such as a buffer overrun induced by an attacker probing security, is immediately reported to a cloud-based failure analysis system
- renewable security, which brings the device to a secure state and revokes any compromised assets whenever a known vulnerability or security breach occurs
More Data Means More Security
With such an enormous amount of data coming through the IoT to deploy proper analytics, security concerns grow further. Handling the analytics in the Cloud is a must to the compute power that’s required but working hand-in-glove with the Edge will streamline the process considerably. The reasons for that include lower operating costs, faster response times, potentially less data moving across the network, and remote system management.
Avnet’s SmartEdge Agile product is an example of a hardware solution that comes equipped with a complete software stack. This removes some of the complexity that typically comes with the use of deep learning tools. SmartEdge Agile lets you build AI models and push them to the Edge with platforms hosted on Microsoft Azure. That same SmartEdge Agile solution can be used for all stages of the IoT development, from prototype to production.
The IoT Security Evaluation Framework
Regardless of your approach, always be sure to keep security front-of-mind. Microsoft’s IoT Security Evaluation Framework can be used as a step-by-step guide for dealing with threats that could impact your IoT infrastructure. It does this by using existing threat models defined by the security community, linking these threats to consequences, and defining strategies to evaluate how to detect flaws in your IoT infrastructures.
The IoT Security Evaluation Framework consists of two parts. The first part defines the associations between specific threats, consequences, and evaluation strategies, while the second links evaluation strategies with security evaluators enrolled in the Security Program for Azure IoT.
As stated previously and repeated here for emphasis, securing an IoT infrastructure requires an end-to-end approach, from the physical devices and sensors to the services and data in the Cloud. That must encompass every Edge node, which is a potential point of entry for a hacker, including both the hardware and the software at each point.