Internet of Things industry is right to put security centre stage, says ARM

Zach Shelby of ARM

A year or two ago security in the Internet of Things was at the top of few people’s minds. Perhaps it should have been. Now IoT security is a hot topic as editor-in-chief, Jeremy Cowan found when he talked to Zach Shelby, director of the IoT Business Unit at ARM, a multinational semiconductor and software design company based in Cambridge, UK.

M2M Now: In the last few months Application Security has arrived centre stage as a consideration for enterprises launching M2M and IoT? Why the sudden focus? Is it more important than before? Or are services more vulnerable than before?

Zach Shelby: New security threats are emerging every day – from malware programs that can be inadvertently installed on a user’s machine, to phishing attempts that deceive employees into giving up confidential information, to viruses, worms, and strategic identity theft attempts. Embedded devices brought to market in the past were rarely designed to be hooked up to the internet, and its associated security threats, and did not take even basic precautions. That is the root cause of most embedded device security issues being uncovered today.

Security is imperative when we talk about connecting 50 billion devices on the internet. For this reason, and lessons learned from past embedded device security shortcomings, security is centre stage as it very well should be.

M2M Now: How can ARM help to deliver greater security for IoT users and service providers?

ZS: IoT is a heterogeneous system with several hardware and software components from devices to infrastructure and services. IoT devices need to trust services and vice versa.  For that to happen we need to secure the device, networks and the services running on top of them.

ARM is well known for providing key technology that enables security mechanisms in mobile such as TrustZone. We recently announced the ARM mbed platform, which will include security components required for creating secure devices and using them with services in a trusted manner. Key features of this include device asset protection, key management, secure boot loading and TLS-based public-key communication security.

M2M Now: What other steps should the industry be taking to protect its customers and its future?

In general, the industry needs to make security technology widely available and included by default, not as a specialised high-cost addition. Choosing the right architecture for IoT – IP to the edge will help end to end security. As people introduced protocol translation gateways in the past they introduced vulnerability in the system.

The use of open standards will make security threats better understood. Reliable authentication of devices and appropriate security controls are needed, as are encrypted data processing and secure communication channels.

M2M Now: Can Standards bodies ever catch up with IoT developments, or should the industry rely instead on platforms such as the ARM mbed IoT Device Platform?

ZS: Just like the internet, the Internet of Things is made up of standards-based building blocks, most of which are already available, well understood and mature. The challenge today is not a lack of standards, but how we get quality implementations of standards integrated into complete solutions into the hands of developers making products and services. The ARM mbed platform simply gets key IoT security and communication standards into the hands of those developers as an end-to-end solution that is easily accessible.

M2M Now: How significant for IoT growth are developments such as the GSMA’s recently announced  Embedded SIM specification or initiatives from oneM2M, Alljoin, ETSI, etc.?

ZS: To cover a wide range of IoT applications we need a wide range of alliances and standards. Some of these alliances and standards will become very relevant and some of them will fade away. Just like the evolution of the internet we will see that the open standards will drive IoT growth.

The most significant standards that we see today are the widely applicable security and communications standards from the IETF (Internet Engineering Task Force) and device management from the OMA (Open Mobile Alliance) that apply to almost any IoT system. In addition some solutions are applicable to certain network technologies (e.g. Embedded SIM), ad-hoc networking (e.g. Alljoyn and DLNA) or telecom operators (OneM2M).

M2M Now: How do you expect value chains and ecosystems to evolve in the IoT over the next two years?

ZS: We are already seeing wider adoption of IoT technology in enterprise sectors, in particular related to Smart Cities. Broader consumer adoption in the Smart Home is expected to pick up during 2015 and 2016 as we make the technology more easily accessible to innovators. The key driving factors will be:

  • Efficiency improvement to drive down the cost of operation
  • Emerging new business models based upon the new insights/intelligence gathered from the sensor data. For example, some companies are already starting to offer Product + Service business models.
  • We will see that tools and technology to build IoT systems become widely available and easily accessible
  • We will see many start-ups – both on the device side as well as service side. Currently the industry is stuck in value-chain silos so it’s hard to build orthogonal solutions spanning across various vertical markets. We will see many new orthogonal applications that we haven’t thought about.
  • Standards are reaching a level of maturity and understanding in IoT that allows companies to bring systems to market with more confidence and less engineering effort

M2M Now: Will most IoT ecosystems be a partnership of equals or will they be dominated by one party, such as system integrators or network operators?

ZS: IoT market segments are very heterogeneous, which will make it hard for any one party to really enable growth. Instead we are seeing the emergence of peer-based ecosystems that include players from the entire value chain. A great example is the mbed Ecosystem ARM announced in October together with silicon vendors, system integrators, telecom vendors, OEMs (original equipment manufacturers) and both small and large cloud providers.

M2M Now: Thank you, Zach.

Zach Shelby is director of Technical Marketing,
ARM Internet of Things Business Unit.



9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more

Infineon’s AIRO cloud connectivity manager supports the AWS IoT expressLink

Posted on: December 2, 2021

Munich, Germany, and San Jose, California. 30 November 2021 – Infineon Technologies AG announced the company’s new AIROC IFW56810 Cloud Connectivity Manager (CCM) solution supports the AWS IoT ExpressLink standards and specifications. This combined offering makes it easier and faster for companies and end customers to connect products such as industrial sensors, home appliances, irrigation systems

Read more

CTERA selected to support US Department of Veterans Affairs file storage modernisation contract

Posted on: December 2, 2021

London, UK. 1st December 2021 – CTERA, a distributed cloud file storage provider, announced that Peraton, the mission capability integrator and transformative enterprise IT provider, has selected CTERA’s file platform to support a $497 million (€438.79 million) contract to provide infrastructure-as-a-managed service (laaMS) for US Department of Veterans Affairs (VA) storage and computing infrastructure facilities across the US and

Read more