By Tyler Gannon & Amit Rao
With billions of IoT devices coming online, accompanied by a corresponding rise in the number of attacks, IoT Security is top of mind for most everyone with an existing, or planned IoT footprint. IoT brings new security challenges introduced by the scale and pace of adoption, as well as the legal and safety consequences of compromised security. As per a latest report from ARM PSA and the Irdeto Global Connected Industries Cybersecurity Survey, an incredible 5,200 cybersecurity attacks targeting IoT devices are launched every month, with 7 million data records compromised daily. The average cost of a successful IoT device attack is more than $330,000.
The EU enacted a Cyber Security Act in 2019; more recently the United States created the Cybersecurity Improvement Act of 2020 and the subsequent 2021 Biden Executive Order addressing Cybersecurity mandating adherence to specific security standards and compliance with a Software Bill of Materials (SBOM). As a result IOT device security has become part of the critical path of any successful IoT project. The challenge is that to-date, most of the focus for IoT security has fallen into 2 buckets: 1) secure-by-design solutions focused on the manufacturing process, or 2) extending Enterprise security solutions to include IoT devices, often after they’ve already been deployed.
The challenge with both of these approaches is that each creates a significant gap between the beginning of the value chain with chip and device manufacturers, and the end customer who is ultimately tasked with managing the full device identity lifecycle. The result is delays in moving IoT projects from pilot into production, adding to cost and complexity, and delaying the originally envisioned benefits of IoT.
When you picture the typical IoT deployment, with multiple vendors providing devices based on different chips, different software, and different standards, all with different approaches to security, the complexities of integrating this into existing enterprise security platforms at scale is daunting. Device identity lifecycle management need to be present at every stage in the supply chain including manufacturing, provisioning, identity migration and even secure decommissioning.
The introduction of Avnet IoT Connect, a cloud-based end-to-end device management solution represents a big step forward in reducing this complexity and accelerating time to value for IoT projects across industries. This is key to IoT Security success as Avnet is present in 150 locations globally (Americas ~ 40; EMEA ~60; APAC & Japan ~50) and each region has its own priorities regarding security practices. By leveraging Avnet’s global relationships with multiple chip manufacturers and device OEM’s, IoT Connect provides a comprehensive device management bridge from OEM to end customer, all through a real- time, interactive, single-view dashboard with the ability to manage a wide range of devices from the world’s leading manufacturers.
Avnet and Device Authority have recently announced a partnership to seamlessly integrate device-based security into IoT Connect by utilizing Device Authority’s Keyscaler solution for device identity lifecycle management. This will help to further scale IoT security by introducing a strong identity for each IoT device, and automating the full identity lifecycle for end customers, establishing a full edge to enterprise solution.
Whether you’re at the design phase of a new IoT product, or looking to retroactively add best-in-class device security and management to previously deployed devices, Avnet IoT Connect and Device Authority Keyscaler together provide a complete solution from the edge to the enterprise.
