Raising the Bar on Security of Mass-Scale IoT

June/12/18

Terrence Barr |
Head of Solutions Engineering @Electric Imp

Cybersecurity is now a top concern for any IoT strategy (or product) and carries with it critical technical, business, and even legal implications. Poor or incomplete security undermines the value of an IoT offering, creates a significant business risk for a company, and can have a critical global impact when widespread attacks occur. Today, strong security is rapidly becoming mandatory for IoT at any scale and the requirements will only get more stringent in the future.

However, there is considerable confusion in the market about what ‘strong IoT security’ actually means in practice and how to achieve it -- causing many IoT projects to fail because the security challenges seem insurmountable with no solution in sight. It doesn’t help that many vendors are making a lot of noise with bold marketing claims about ‘complete IoT security,’ when upon closer inspection these offerings are often incomplete, or worse, have significant security gaps or flaws.

Since our inception, Electric Imp’s view has been that the best way to deliver IoT security is with a security-first end-to-end design that tightly integrates security across all layers and lifecycle phases of the IoT platform. From the device silicon at the edge to the cloud, and from manufacturing through deployment and on-going security maintenance, we have focused on eliminating dangerous weak links and common security gaps. We call this ‘impSecureTM: Integrated Silicon-to-Cloud Security as a Service’:

Increasingly, we see the industry confirming this integrated approach. For example, the Industrial Internet Consortium (IIC) Security Framework defines a set of recommendations and best practices for industrial IoT security, and the Electric Imp offering is very much aligned with that framework. Furthermore, in 2017 Microsoft published the paper “The Seven Properties of Highly Secure Devices,” which has become an important turning point in the market by defining principles and practices which help ensure cybersecurity of network-connected devices at scale. We concur with Microsoft’s conclusions in the paper on the importance of bringing “high-value security to low-cost devices,” and this is the new minimum security bar IoT systems need to clear.

Because of our long-standing focus on security, the Electric Imp offering since 2015 meets all seven properties described in the Microsoft paper while also addressing additional challenges that are critical for real-world IoT, such as secure manufacturing and large-scale commissioning. Underscoring our security approach is the fact that the Electric Imp Platform is also the first and only IoT platform to be UL 2900-2-2 Cybersecurity Certified.

Electric Imp has been enabling our customers -- including large public companies such as Pitney Bowes, EATON, and ABInBev -- to ship secure, reliable, mass-scale IoT solutions. With over 1.5 million imp-powered devices on our platform and more than 100 customers around the world, Electric Imp provides the scalability, fast time-to-market, and worry-free security that is critical to a successful IoT deployment.

Want to learn more? Read our White Paper: Shipping “The Seven Properties of Highly Secure Devices” in Volume