Microsoft’s latest acquisition of Refirm Labs is an important marker for the IoT security market. As published in the most recent IoT competitive analysis by ABI Research report, Microsoft is a clear leader in cloud based IoT deployments with Azure services like IoT Hub, IoT Central, and IoT Edge. But despite the ever-increasing number of vendors addressing security vulnerabilities for IoT devices, from secure chipsets like Azure Sphere, to Detect and Respond technologies, there still exists many critical gaps in the majority of enterprise IoT deployments which serve to delay the progression of IoT projects post-pilot and in to production, where companies can actually recognize the business benefits.
One of the major stumbling blocks is how do companies even know which devices are putting them most at risk, and where might data encryption need to be applied to protect critical information? Refirm Labs, as a firmware analysis tool can help find vulnerabilities and expose security holes. For example, if a connection does not use proper authentication – or if data should be encrypted before being transmitted or stored. This is an important addition to Microsoft’s Azure IoT offering as it will allow their customers to plan more accurately secure deployments. Interestingly, Edge compute has become a much more mature deployment model recently, driven by market demand and requirement. Localised AI/ML and device management solutions are a mainstream requirement these days with a lot of Enterprises shifting to local / private network deployments. For rogue attackers this type of solution is attractive. Security at the Edge needs to have the highest priority, perhaps interestingly with the Refirm labs acquisition, Microsoft are also building increasing amounts of defence in depth for IoT Edge deployments to thwart the would-be attacker.
Firmware analysis is one layer of the “security onion” to which there are many layers. For instance, how do you automate security processes at scale? Once a series of IoT devices are determined as needing enhanced security, how does a customer safely authenticate, provide credentials, apply policy, encrypt the data, and rotate encryption keys as needed? There is a full lifecycle for IoT devices which must be managed over time in a zero-touch environment. Even for edge compute gateways on a private network, with no cloud connectivity, the same security operations and management are needed.
Device Authority’s KeyScaler platform accompanies the analysis provided by tools like Refirm Labs and helps manage the full security lifecycle of the devices determined to be at risk. As we like to say, “a rising tide floats all boats”, and Microsoft’s latest acquisition certainly is helping accelerate the tide of IoT deployments.
A Digital Revolution - Is it Safe and Secure? A digital revolution is currently underway. Most enterprises have been accelerating the pace of their digital transformation technologies like Cloud, Big Data, AI and Internet of Things (IoT). While the benefits are obvious, the attack surface is increasing dramatically. The consequences of breaches go beyond simple data loss, or distributed denial-of-service (DDoS), it is very much a safety issue, with a potentially disastrous impact in the case of critical IoT use cases in Industrial IoT, healthcare/medical devices and automotive.
Device Authority & Jitsuin bring real-time Zero Trust defense with assured SBOMs at scale
Having looked (albeit it brief) at the WP29 directive: “WP.29 is the UN World Forum dedicated to technical regulations applied to the broad automotive sector, addressing the safety and environmental performance of wheeled vehicles, their subsystems and parts.” It became clear to me that the source of the market noise was actually around UN Regulation No. 155, which is a component of WP29.
