Security From Inception: Why IP Protection is Essential
All over the world, the number of connected devices is growing. With this comes a huge potential for unimagined products and business models. The challenge with connected products is security and to protect a company’s fundamental assets in hardware and software IP. How do we ensure the right level of security? It all starts from the inception.
Traditionally, security has been driven by the need to protect consumer integrity. We see this trend by the range of laws and regulations that protect personal integrity and security, which are being imposed by governments worldwide. In addition, various industry expert organizations are supporting these initiatives by contributing with best practices in the area. The common goal is to define and agree on an acceptable level of security within reasonable efforts.
If we look at security from another point of view, our customers, we see that they are increasingly seeking effective ways to protect investments, property, and reputation when deploying applications into the IoT. Every company want its products to succeed; but too often security concerns prevent products from reaching their full potential. Any weakness in a system, process, or application is a risk that can be exploited. Unfortunately, the reality is that system compromises are a fact of life, and even minor mistakes can lead to major consequences.
SECURITY STARTS IN THE DEVICE
Implementing security is often perceived as difficult if not impossible because of the many parameters that must be considered. This is in many ways a misconception, especially when security is built in from inception. Security must start in the device, in the hardware itself (Figure 1). Good news is that we see an increasing number of MCUs with security capabilities being launched, and this will continue to improve over time. But hardware is only part of the challenge. You need robust software solutions to fully take advantage of the hardware capabilities and protect the IP.
What we have learned from our customers is that the need to protect IP is crucial, but at the same time, for those companies that are not ready to move into a secure MCU, there is a need for a security solution that supports projects currently in development. They need a solution that helps them reach a level of security that is sufficient as a starting point for ensuring their IP is not stolen or counterfeited.
The concept of Security From Inception reflects the reality that adding security late in the development process rarely works (Figure 2). IoT security needs to be straightforward, scalable and sustainable. Building security into the design process is the best way to achieve this in the long term. There are many reasons to implement security already from inception. Each device needs to be provisioned with a unique identity from first deployment and later on for updates during the device’s life cycle. Additionally, the software of cause needs to be able to resist hacker attempts to prevent unauthorized access of the device or entire systems.
3RD PARTY RISKS
When it comes to protecting software IP, the security is necessary to prevent device software from being cloned or duplicated by third-party suppliers without authorization or control. Such software IP theft can turn out to become immensely costly, both by damaging the brand and possible financial ramification as well as the often invaluable sufferings of an innocent third party. Another aspect of implementing security into your software is that you will be able to control that the amount of units being produced of the hardware will stay limited according to agreements. The occurrence of overproduction and counterfeit products and components are certainly a costly process for the companies exposed.
Regardless of whether we have the consumers’ best interests at heart or whether we seek to protect corporate values, there is a universal need for adding a security layer that is easy to understand and implement. There is both a request to amend already deployed devices that might be lacking in security and a wish to add security from inception on all new devices that are being developed and deployed from now on. Many companies are looking for guidance on how to best implement security suitable for their needs to protect their IPs and to the extent that is required to comply with new laws and regulations, as well as what is appropriate for the application in question.
At IAR Systems, we have been following our customers through company transformations, challenges and needs. The embedded evolution led our customers to concerns about code quality when embedded development grew in complexity and security. We will continue to answer questions on both the “what” and the “how” to turn this security transition into a business advantage for any company regardless of how far they have come in this transformation process.
IAR Systems | www.iar.com
PUBLISHED IN CIRCUIT CELLAR MAGAZINE • NOVEMBER 2020 #364 – Get a PDF of the issue
Stefan Skarin has been CEO of IAR Systems since April 2009, and CEO of IAR Systems Group AB (formerly Intoi AB) since February 2008 (as well as CEO between 2001 and 2006). As CEO of IAR Systems Group AB, Stefan was the driving force behind the acquisition of Secure Thingz, the domain experts in IoT security, in 2018. As CEO of Intoi, Stefan was highly involved in Intoi’s acquisition of IAR Systems in 2005 and Intoi’s focus on IAR Systems in 2011. Stefan has over 30 years of experience in the IT and software industry, including Sales Director at Adobe Nordic, CEO of Interleaf Norden and several senior international positions at Oracle Corporation. He can be reached at Stefan.Skarin@iar.com