The future of Internet of Things (IoT) involves billions of connected devices (such as smartphones, computers, and sensors) communicating with one another, regardless of manufacturer, operating system, chipset, or physical transport. However, security is essential for reliable IoT operations. Whether malicious or accidental, malfunctioning IoT devices such as a connected car or components of a smart grid can pose a significant risk to consumers, businesses, and societies. Therefore, it is essential to protect IoT devices in order to realize the full potential of IoT. The key considerations for complete and effective IoT cybersecurity include: 1) Operating within the physical and technical limitations of IoT by using efficient and lightweight security technologies; 2) The ability to accommodate multiple security approaches, including digital certificate-based or certificate-less security mechanisms; 3) The protection of IoT data at rest, in transit, and in the cloud; 4) A standards-based approach for IoT security; and 5) Operating at scale to support millions of IoT devices with no impact on speed and security of IoT operations.
Hardening the security posture of IoT components once the product has been deployed commercially is extremely difficult. Therefore, it is imperative that security is implemented during the device design phase or device manufacturing phase. Security costs are low compared to the potential devastation that could result from a compromising event. However, IoT devices are being manufactured without the required components essential for IoT security—such as a way to generate keys on the device or without a mechanism to configure unique identifiers to devices. Device original equipment manufacturers (OEM) must use components that have the necessary built in security capabilities to ensure the appropriate levels of device and data authentication and integrity. Examples of built in security functions that are essential for device security include hardware root of trust, trusted boot, trusted execution environment (TEE) for secure low-level software operations (for IoT devices that have the required computing resources), hardware-level isolation for trusted code base, and easy-to-use APIs to access low-level security functions.
This Frost & Sullivan insight describes the key requirements in the Internet of Things (IoT) security market and presents details of how the leading IoT security providers address these needs. Information is provided in the form of profiles, wherein each industry participant included in this profile has been interviewed by Frost & Sullivan. Frost & Sullivan’s independent analyst perspectives have also been provided for each of the profiled companies.