Security Can Differ Depending on Your Location, Application, and Other Variables

July 13, 2020 Rich Nass

According to industry analysts, we could see one trillion IoT connections by the year 2035, with the transfer of more than 2 Zbytes of data just from consumer devices alone. Zettabytes was a new one for me. It comes after Exabyte, which follows Petabyte and Terabyte. Suffice to say, it’s a really big number.

Register for Webinar Series Here

With all that data marching around, it would appear to be a hacker’s playground. It’s not difficult to imagine that that a large number of those connections will not contain adequate security. The key here is—does your system contain adequate security?

While the answer should be a simple one—yes—we know from experience that that’s not necessarily the case. There are many variables in play here. One of those variables is that, depending on which region of the world your product will end up, the rules may be different. Some governing bodies are setting the rules for their regions, while others are not, choosing to take the lead from elsewhere.

The video, which features Hadyn Povey, CEO, Secure Thingz & GM, Embedded Security Solutions, explains the part about legislation better than I can.

Another consideration is that both the legislative issues and the technologies are evolving. Just because you’re on top of the regulations today, doesn’t mean you’re good for 2021 and beyond.

The IoT Security Foundation’s charter is to secure the IoT by composing and maintaining a comprehensive compliance framework of recommended steps for creating secure IoT products and services. That framework consists of a 13-step program that serves as a guide for developers. Most developers won’t follow all 13, but the more you can do, the more secure your system will be. For more information on how legislation issues are affecting security in connected devices and how that will evolve moving forward, check out the webinar, Dealing with Security-Related Legislation Issues.

Throw in the fact that the world has a shortage of security experts, and you have a bad mix. From the embedded developers’ perspective, security is a relatively new need when you look at mainstream systems. Not since the IoT started to connect all of our devices has there been such a need. As we’ve discovered, the bad guys can enter in places we never would have expected, like fish tanks and nanny cams.

The Embedded Developers’ DNA

A second reason for lack of security is that it’s still not in the DNA of an embedded developer to integrate the necessary security features. If you have to think “did I include security?” then there’s a chance you didn’t. And if it’s not included right from the beginning of the design, there are likely areas that are unprotected. That’s a risk you should not be willing to take, especially if you’re designing for something like industrial, medical, or automotive.

A tool such as IAR Systems’ C-Trust fixes that problem, especially if you are already a user of its popular Embedded Workbench. C-Trust integrates directly into Embedded Workbench, so adding security is almost as easy as checking off the appropriate boxes.

The bottom line is that, as a developer, security is your responsibility. I advise you to take it seriously.

Submit your questions prior to each webinar here.

About the Author

Rich Nass

Richard Nass is the Executive Vice-President of OpenSystems Media. His key responsibilities include setting the direction for all aspects of OpenSystems Media’s Embedded and IoT product portfolios, including web sites, e-newsletters, print and digital magazines, and various other digital and print activities. He was instrumental in developing the company's on-line educational portal, Embedded University. Previously, Nass was the Brand Director for UBM’s award-winning Design News property. Prior to that, he led the content team for UBM Canon’s Medical Devices Group, as well all custom properties and events in the U.S., Europe, and Asia. Nass has been in the engineering OEM industry for more than 25 years. In prior stints, he led the Content Team at EE Times, handling the Embedded and Custom groups and the TechOnline DesignLine network of design engineering web sites. Nass holds a BSEE degree from the New Jersey Institute of Technology.

Follow on Twitter Follow on Linkedin Visit Website More Content by Rich Nass
Previous Article
It’s Your IP. Keep It That Way

You’ve spent months or even years creating IP that belongs to your company and/or its customers. In many ca...

Next Article
Embedded Insiders Podcast: Let's Settle This. What's More Secure, Proprietary or Open Source?
Embedded Insiders Podcast: Let's Settle This. What's More Secure, Proprietary or Open Source?

This week on the Embedded Insiders, Brandon and Rich discuss an age-old controversy: What’s more secure? Pr...