
IoT Cyber Security and the Importance of Certification

Arm is a Business Reporter client.

The metaverse, digital transformation and the Internet of Things (IoT) are moving beyond early adoption and becoming mainstream as businesses and consumers embrace new technologies. As we reach this turning point, organizations must avoid the pitfalls of the past, where security lagged behind the pace of digitalization and technology. Many services, such as critical infrastructure and supply chains, have undergone rapid digital transformation over the past few years. Yet the slow pace of security rollouts to protect these innovations has created many vulnerabilities for both consumers and providers.

The same is true for the IoT, with cyber security lagging behind as IoT devices proliferate. Pressures on the IoT, which include a fragmentation of standards and a complex regulatory landscape, mean that matching cyber security to the IoT has been difficult. But as the IoT continues to expand, the security of its devices cannot be optional.

Arm is at the forefront of security research and investment, and we believe that security is a shared responsibility. By investing in architecture, software and hardware technologies, programs and initiatives, we make security simpler for our partners and IoT developers worldwide. 

In 2017, Arm spearheaded PSA Certified, working with other industry leaders to establish a standardized security framework and certification program to help achieve a secure IoT. This year, the PSA Certified 2022 Security Report shows that security has moved to the top of the business priority list, with 90% of organizations increasing the importance they place on security in the past 12 months. 

However, findings show that there is still a need to democratize the skills and best practices required for security in the connected economy. Three essential factors—guidance, education and certification—will unlock the potential of the IoT by ensuring a secure ecosystem.

Better security guidance and education

There has been a strong shift in consumer sentiment toward prioritizing security in connected devices and a secure IoT is clearly essential. Nearly a third of those surveyed in the PSA Certified 2022 Security Report noted that their customers demand it, debunking the myth that consumers care only about cost and features. 

As manufacturers and service providers in the IoT ecosystem respond to this demand, the need for best-practice guidance is higher than ever. 96% of report respondents said they would be interested in an industry-led set of guidelines on IoT best practices. A common security language would be fundamental to this effort.

Unfortunately, security expertise remains a barrier. Fewer than a third of organizations are reportedly satisfied with the level of security expertise within their organization. The World Economic Forum estimates that a gap of more than 3 million security experts exists worldwide. 

Organizations understand this, and they rank security frameworks and step-by-step guides as the most useful tools for deploying secure products to market. This underlines the criticality of education and guidance in shaping a more secure IoT. 

The importance of certification

Certification provided by independent third parties is also critical to ensuring IoT security. Certification moves the industry beyond “marking their own homework” and delivers a clear benchmark of security, measured by independent labs. Customers can use this certification to ensure that the products and services they are buying do not contain unknown and unwanted cyber-security vulnerabilities. 

There is still work to do here: although most organizations note that certification is useful to the IoT marketplace, many don’t have security experts in-house and do not conduct external lab-based security testing.

Our findings show that the primary reason certification is skipped is the misconception that testing is too expensive. However, a standardized testing method under a certification scheme, such as the one that PSA Certified has developed for the new wave of IoT devices, has already lowered the cost barrier. The documentation is open to view, and it takes less time to certify using evaluation labs than by using preexisting certification models that were made with previous-generation connected devices in mind.

Certifications can also be reused, meaning that you can improve the return on your investment. Once a component has been certified—a chipset, for example—that component can be sold to original equipment manufacturers (OEMs) and used in a range of different products regardless of manufacturer, bringing down costs for all concerned. 

We’re also seeing that governments, standards organizations and leading IoT companies are adopting or referencing PSA Certified. This momentum toward security certification will only accelerate the path to a more robust IoT ecosystem. 

The PSA Certified program is forging a more secure connected future by uniting the industry around security best practice to deliver consumer and business assurance in connected devices and protect end users from cyber risk. 

Across the IoT industry, security is no longer optional, but foundational to business success. Industry collaboration and cross-market knowledge-sharing are democratizing the skills and best practices that are critical to our connected future.

PSA Certified offers a credible certification system that aligns standards across organizations, IoT trade bodies and insurance services, and we’re proud that PSA Certified is creating an opportunity for the industry to come together and drive IoT security for both businesses and consumers.


Learn more about the IoT security trends and barriers in the PSA Certified 2022 Security Report.


David Maidment is Senior Director, Secure Devices Ecosystem at Arm.


About the research: The data in the PSA Certified 2022 Security Report was gathered from 1,038 technology decision makers across Europe, USA and APAC by Sapio Research. PSA Certified is a global partnership of security-conscious companies that are building security best practices aligned to the cyber-security requirements of USA, Europe and China, and are promoting security by design across all IoT devices.

This article originally appeared in Business Reporter. Header Image credit: Courtesy of Arm