Data can be gathered from almost anywhere. There are connected devices that are amassing information from factories, fields, and mines, and from assets near roads and railways. Many of them are more powerful and complex than other connected products. They’re edge devices – they process, analyze, and store data at the edge of the network, or on the device, rather than sending it all to a centralized cloud-based location. Only selected information is transmitted to the cloud.
Many businesses are adopting this type of technology to help them manage the ongoing demand for data and to enable artificial intelligence (AI) at the edge. Processing information on the device is more efficient – it reduces the bandwidth required and the time taken to process large amounts of data because it’s not being transferred. That enables it to be analyzed in real-time, which is important in time-sensitive situations, such as when people’s health and safety or critical infrastructure is being monitored. Processing data at the edge is also more reliable because organizations don’t have to rely on an external network.
The Importance of Securing Edge Devices
The security of edge devices is crucial. The devices may be sensors, meters, switches, gateways, cameras, or robots and they’re often deployed remotely, in areas like the fields or roadsides mentioned earlier, rather than behind locked doors where only people with authorization can access them. They often gather sensitive information, which makes them an attractive target for hackers. They may even control key systems.
According to Beecham Research, 86% of companies surveyed by the Eclipse Foundation currently use edge computing technology or plan to deploy it soon. As the number of devices that are being utilized increases, the attack surface and the amount of data available grows. As KuoWei Chao, General Manager of ASUS IoT Business Unit, said in our PSA Certified 2023 Security Report, “Paving the way to the Artificial Intelligence of Things (AIoT) implies massive data collection and transferring. Things can get bumpy along the data flow when there are potential cybersecurity threats.”
Quote
Paving the way to the Artificial Intelligence of Things (AIoT) implies massive data collection and transferring. Things can get bumpy along the data flow when there are potential cybersecurity threats.
Increasing Investment and Interest in Security
Companies are investing in security. We know from our PSA Certified 2023 Security Report that spending on features, experts and certification is growing each year. Many of the 1,200 technology decision makers we surveyed said they, and their customers, now see security as a value-add. As Sander Speek, from PSA Certified partner Scalys, told us, “Device security is the key that unlocks a world of trust and resilience in edge and industrial domains.”
An increasing number of governments also realize the importance of securing connected devices and are taking action to protect national security and their people. Around the world, security laws, regulations, and baseline requirements are being introduced to compel or encourage product developers and manufacturers to build security into their devices. Their approach is welcomed by most respondents to our survey, who said it would help them build trust in their devices. Just under three-quarters of respondents (71%) from the rich edge and industrial sector said new regulations were a positive step. However, 70% of the people we asked also said cybersecurity regulations must be better defined. Companies want to know how the legislation changes implementation.
Greater Clarity Needed to Avoid Confusion
The potential impact of any uncertainty was also highlighted by the 29% of leaders who said the current fragmentation was a barrier to implementing stronger security. Developers and manufacturers must understand what’s required of them and be able to build-in the right level of security for their products. If not, they risk under- or -over investing in security, which either slows innovation or undermines their security initiatives. As John Weil, CMO Foundries.io, said in our Report: “Bringing embedded devices to market – and securing them for their full lifecycle is notoriously complex. With increasingly stringent worldwide legislation, getting security wrong has the potential to cost a company everything.”
Quote
Bringing embedded devices to market – and securing them for their full lifecycle is notoriously complex. With increasingly stringent worldwide legislation, getting security wrong has the potential to cost a company everything
Almost a third (31%) of survey respondents from the rich edge and industrial sector reported that cost was another barrier to security implementation – it was at the top of their list. Forty-five percent that had budget constraints said they couldn’t spend enough on research and development.
Concerns about the cost of security are not new but some of our partners believe that companies should take a long-term rather than a short-term view and think about the costs of insecurity instead of the costs of securing the device. Dr. Juan Nogueira, Senior Director of Connectivity Center of Excellence at global manufacturing company, Flex, explains: “We should not be saying that security is adding another cost on the bill of materials – it shouldn’t be considered like that. It should be necessary, like the power supply, you need to power the device and you need to have security as well.”
The industry is split over whether they are investing enough in securing their devices. According to our report, 56% believe they are. Forty-one percent said they should invest more.
Reducing the Complexity and Cost of Security
PSA Certified, a global partnership of security-conscious companies, monitors the changing security landscape. Its four-step framework and independent, multi-level assurance scheme makes it easier to navigate the emerging laws, regulations, and requirements. For example, PSA Certified Level 1 is aligned with the NIST 8259 recommendations in the United States and Europe’s EN 303 645 cybersecurity standards. It’s reviewed annually to ensure it remains relevant.
PSA Certified also reduces the costs of implementing security in connected devices by enabling developers and manufacturers to build on best practice and re-use security certifications. That gives companies the evidence they need to communicate their commitment to security to their partners and customers. As Robert Andres, CSO at Eurotech, said in our PSA Certified 2023 Security Report: ” Security of edge systems – hardware & software combined – has evolved in the recent year to the most relevant aspect in customer engagements in industrial, transportation as well as critical infrastructure scenarios. PSA Certified was a vital part of creating a successful and convincing edge security value proposition.”