High Price to Pay for Prioritizing Time to Market over Security
Picture the scene: Faced with dwindling reserves and a pre-Christmas delivery date, your finance team proposes redirecting budget towards functionality and away from the ongoing management and security aspects of your latest product.
It might seem like a no-brainer: The device hits holiday shelves on time and on budget and a mid-January over-the-air (OTA) firmware update takes care of any security concerns.
Sound familiar? You’d certainly not be alone if it did. Many companies have historically weighed investment in securing Internet of things (IoT) solutions against the cost of extending their time-to-market or introducing design complexity, and opted to prioritize the latter.
It’s a common mistake where companies ignore the inevitable and store up ‘security debt’. Focus is placed upon the development and deployment of devices at scale, yet hardly any attention is paid to the ongoing support and eventual retirement of devices.
This is very much a case of short-term gain, long-term pain. Without regular updates, devices and services will decay—becoming increasingly distanced from current standards and very quickly falling out of step with industry-level security vulnerability discoveries and fixes.
End users can become victims when devices become ‘orphaned’ or abandoned because other parties cease trading or retire support. As a result, they lose trust in your brand, losing you further custom and shrinking that product development budget even further. The cycle continues.
Security is not optional
By having clear access to device management and contractual support for end-of-life, enterprises and supporting IoT companies have a better way to transfer ownership, modify configurations and ensure that systems don’t become abandoned, creating a security risk.
Having access to a device’s security exposure in a regular, consistent manner also offers peace-of-mind for consumers, while offering a reasonably clear pathway to device retirement.
Yet consumer trust remains far too low. In the Arm 2020 Predictions Report, we noted that when it comes to securing IoT solutions, less than a quarter of respondents feel that tech companies are doing enough.
Providing a clearly-managed solution to consumers is one way to demonstrate commitment to security. Consumers are willing to pay for it, too: two thirds of respondents said they’d pay more for a truly secure device.
So why are devices still reaching the market that don’t meet stringent security requirements? In order to shed some light on this critical topic, Arm has commissioned IoT security expert and founder of Copper Horse Ltd David Rogers MBE.
In the resulting white paper, Securing IoT Solutions by Design,David offers an impartial guide to securing IoT solutions by design—having chaired the Fraud and Security Group at the GSMA, the Executive Board of the Internet of Things Security Foundation. He was awarded the MBE for services to Cyber Security in the Queen’s Birthday Honours 2019 and he’s well placed to highlight trends from a range of industries and offer best practice to those embarking on their own secure digital transformations.
Security debt is just one concept in a white paper that’s ripe with contradictions:
We want to secure devices, but we’re unsure of how to go about it
System Architects, Operational Executives, Product Managers, and Developers understand that a device management platform has a role to play in securing IoT solutions and the ecosystem they exist in. But few understand ‘why’ it’s so important and ‘how’ to adopt this approach in a secure, streamlined and scalable fashion.
Simple hacks can be the hardest to protect against
Device hacks are becoming increasingly frequent, but you’d be surprised by the simplicity of some attacks. Conversely, the protection of diverse device types is no easy task, especially when an enterprise’s duty of care lasts not just to the point of sale, but for the device’s entire life cycle.
Disparate device types governed by a single standard
The white paper predicts the adoption of homogenous standards to be endorsed by various industries and their IoT solutions. Whilst the ETSI Technical Specification TS 103.645, Cyber Security for Consumer Internet of Things was designed for consumer products, it combines an array of principles that can protect any IoT deployment.
We want more, but only if it’s risk-free
Governments and consumers the world over recognize that companies are not going far enough in securing IoT solutions and Governments are feverishly preparing regulation and certification schemes to mitigate risk as device estates numbers grow exponentially. Copper Horse predicts it is extremely likely that we will see the first device being rejected by either legislators or consumers themselves on the ground of lax security before 2025.
Many IoT products are failing even on the basics
Recent examples include more than 1 million DAB radios leaving unnecessary and old protocols like telnet open to attack and 600,000+ GPS trackers operating with the same default password of 123456.
Not knowing that devices are being hacked, or even that attempts are being made against them, is negligent and the functionality to manage these devices must be implemented correctly, otherwise, it risks becoming just another security loophole.
Perhaps the most important, yet difficult task for a business to accomplish in securing IoT solutions is device provisioning and IoT system enrolment. It’s best to perform this remotely and in a simple, but secure fashion. It could be that provisioning is via self-enrolment by the customer or during a commissioning process by another company or maintenance engineer.
So many companies, so few points of contact
Research conducted by Copper Horse (on behalf of IoT Security Foundation in 2018) discovered that despite the boom in companies deploying IoT devices, less than 10 percent of IoT companies have a straightforward way for security researchers to interact with, securely manage or update devices, leaving both users and manufacturers exposed in the event of a major breach.
The white paper details how even subconscious decisions can undermine the long-term security of a system during development, or by undermining a secure post-deployment life cycle by providing little to no aftermarket support.
Read Copper Horse’s Securing IoT Solutions by Design white paper to learn how enterprises can develop a device life cycle that’s secure by design whilst introducing scalability, security, and longevity for your device ecosystem.
Any re-use permitted for informational and non-commercial or personal use only.
Editorial Contact
Latest on Twitter
🗓️ Join us on Wednesday July 31 for our next financial results conference call.
After market close, we'll report our earnings results for the first quarter of fiscal year 2025, followed by a conference call to review our results and business outlook: https://okt.to/koqGT0
The "Write Once, Deploy Everywhere" approach to code is key to seamless deployment for developers.
Through expert talks and demos @WeAreDevs, we demonstrated how this is a game-changer for building and deploying next generation apps at scale.
Thanks to everyone who joined us!🙌
With the escalating need for power-efficient systems, @FujitsuFNC's turned to Arm to build the FUJITSU-MONAKA CPU - a processor designed to help achieve energy savings of 40% in Japanese data centers by 2030.
+ That's without compromising AI innovation: https://okt.to/WM0F3A
Arm KleidiAI brings 30% performance improvements to @Google AI Edge's MediaPipe and XNNPACK running the Gemma 2B LLM. 💪
This is the first integration of many, as we enable more LLMs to run as effectively and efficiently as possible on Arm mobile CPUs: https://okt.to/qLW8He
Flooding can happen anytime, but early warning systems can help reduce its impact on communities and protect lives.
We're proud to work with @UNICEF_uk and support the team in Karonga, Malawi to bring the latest in flood alert technology to communities:
How can developers stay ahead in the age of AI?
Andy Wafaa shares details on the tools required to optimize code, increase accessibility, and shape the future of computing at @WeAreDevs World Congress: https://okt.to/wJakX3
Since 2012, Raspberry Pi's been changing the game for businesses in the ecosystem.🚀
Founder & CEO, Eben Upton shares the origin story of Raspberry Pi and why he chose Arm as the architecture of choice:
Interview recorded in Jan 2023.
Arm Education in Conversation with Eben Upton
In this episode, we interview Eben Upton, founder and CEO of Raspberry Pi (Trading) Ltd. Eben shares with us the...
okt.to
In the age of AI, collaboration is crucial to solve technological and societal challenges.
Together with a group of academics at our Cambridge office, we've developed a "Call for Action," identifying the steps needed to ensure AI adoption in both the public and private sectors.
Ready to upscale your mobile game development without losing performance?
👉 Say hello to Arm Accuracy Super Resolution
It's our open source solution derived from FSR2, designed to increase the resolution of images from low to high with our efficient shader code:
.@AWSCloud Graviton4 is here! 🙌
Announced in GA, Graviton4 uses Arm Neoverse V2 to provide the most powerful, energy efficient AWS processor to date.
It follows 5+ years of collaboration on Graviton to enable CPU silicon innovation in the Amazon Cloud: https://okt.to/UWM0FR
Proud to partner with @AlzheimersBRACE to support dementia research and foster community. 🤝
From running the Bristol Half-Marathon to raising £2K+ for charity and spreading awareness, shoutout to our team for making a real impact. 💙
Not sure where to start with running Llama models? We've got you. Our 🆕 learning path teaches you how to build and run a simple Android Chat app with different Llama models using ExecuTorch and XNNPACK.
Dive into the step-by-step guide in the link below.
⚡ Silicon is defining and revolutionizing technology.
With the help of our partners, we're at the forefront of its evolution, driving innovative new approaches to silicon design with CSS and chiplets to define the future of computing.
More in @WSJ. 👇
Paid Program: The Evolution of Silicon
From Moore’s Law to today’s modern designs for AI, silicon is defining technology markets now and in the future.
okt.to
Arm CSS for Client is unleashing the power of the Armv9 architecture for AI innovation.
CSS for Client delivers physical implementations across Arm CPUs and GPUs, simplifying SoC builds for the fastest path to production silicon.
Learn more👇 https://okt.to/Q3yLjc
The advancements in large multimodal models and GenAI herald a new era in AI robotics.
That’s why tomorrow's robotics are harnessing the power of LLMs to improve energy efficiency, security, and functional safety.
🦾 And it's all happening #onArm: https://okt.to/6nbZ9m
The world's leading AI companies are prioritizing data center efficiency to scale and grow. And they're doing it #onArm.
Arm CMO Ami Badani joined The Artificial Human Podcast to discuss why efficiency is crucial to driving AI innovation.
The Artificial Human - How green is my AI? - BBC Sounds
Aleks Krotoski and Kevin Fong ask, how green is my AI?
okt.to
Here's a glimpse of our #INWED24 celebrations in Kenya, Ghana and Switzerland.
The Arm-Ambassador-led events brought everyone together to celebrate the significant impact of women engineers and to inspire future innovators to help bridge the STEM gap: https://okt.to/9ZAuna
Find $ARM in the Nasdaq-100 Index from today. 🙌
As we go from strength-to-strength as a public company, we're excited to join industry leading companies on the @Nasdaq stock exchange, emphasizing the importance of Arm tech among the global ecosystem: https://okt.to/gpRsAe
Create the best possible AI experiences with KleidiAI. ⚡
KleidiAI provides a collection of highly optimized AI kernels that can be embedded directly into popular AI frameworks as part of Kleidi Libraries.
Ready to reap the benefits?
🥳 Our partners @HPE and @NVIDIA are making turnkey private-cloud AI a reality!
Announced this week, NVIDIA AI Computing by HPE brings the power and efficiency of Grace Hopper Superchips, built #onArm, to the HPE ProLiant Compute DL384 Gen12 server.
HPE ProLiant Compute DL384 Gen12 | HPE Store United Kingdom
okt.to
For #WorldRefugeeDay, we're celebrating our partnership with @Refugees & @UNRefugeesUK to ensure AI tools for humanitarian efforts are used responsibly.
By supporting @UNHCRinnovation, we can ensure diversity is built into tools from the ground up:
We're putting the foundations in place for a thriving, diverse, chiplet ecosystem in Automotive.
From participation in @imec_int's Automotive Chiplet Program, to our role in SOAFEE, here's how we're ensuring interoperability and performance for chiplets: https://okt.to/eBfYgd
Here's to our fantastic, award-winning Internal Comms team. 👏
At the #ICEAwards, the team took home 3️⃣ awards for:
⭐ Best event
⭐ Best Internal Comms from the tech, media and telecommunications sector
⭐ Best Internal Comms Campaign in a large business under 10,000 employees
Rene Haas joined the Samsung Foundry Forum to discuss our almost 30-year partnership and the possibilities of Arm CSS.
By removing the complexity from SoC development, Arm CSS enables our partners to move faster in the age of AI, with the support of partners like Samsung.
