ARM acqusition highlights quest to embed IoT security

ARM’s acquisition of Dutch company Offspark shows how chip vendors intend to integrate more security features in their software and hardware to help keep the Internet of Things safe.

There are a few things vendors have to get right for IoT to take off on a larger scale, and security is one of them. Security is the most fundamental aspect to ensuring people trust IoT technology and that is only possible with a tailored solution, according to Offspark’s CEO Paul Bakker.

Offspark has made a name for itself with the company’s PolarSSL technology, which is already used to protect traffic from sensors, modems and smartphones. Renamed as ARM mbed TLS, it will be integrated with ARM’s mbed OS to protect traffic from devices powered by the platform. The technology will complement Cryptobox, which protects the applications.

The mbed OS was launched in October last year, and will become available under an Apache 2.0 license toward the end of the year.

Unsurprisingly, ARM isn’t the only chip maker that’s pushing IoT security. Intel is going down the same route with features such as Enhanced Privacy ID, which Intel made available for other chip makers to implement in December. The feature makes it possible implement a hardware-based identity that can be used for authentication.

Protection won’t come just in the shape of hardware and OS functionality. Back in December, Intel’s McAfee division also introduced Enhanced Security for Intel IoT Gateways, which adds better security management functionality for gateway devices. The gateways play an important role in protecting older systems that are connected to the Internet for the first time.

Because of the large number of devices that are expected to become connected, getting the management right is as important as the underlying infrastructure. For example, if systems can’t be updated quickly to close security vulnerabilities, hackers will have a field day.

In the end, securing IoT installations will be a challenge for vendors and enterprise IT staff.

Gartner’s advice to CISOs is to start small and develop initial security projects based on specific IoT use cases. They can then build on what they learn to best protect a wider variety of systems. Fortunately, many of the security requirements for the IoT will look familiar, the market research company said.

New! Download the CIO March/April Digital Magazine