Our Approach to IoT Security

Skip to content

Successful digital transformation needs trusted data, which can only come from secure devices. Despite a growing appetite for IoT security, barriers to best practice security design and implementation remain. PSA Certified is a global partnership combating security challenges and uniting the IoT ecosystem under a common security baseline. By providing an easy-to consume, comprehensive methodology for the lab-validated assurance of IoT security, PSA Certified is helping to unlock the possibilities of a connected world.

Bridging the Gap Between Security Expectation and Reality

Even in scenarios where security is being prioritized, a gap remains between the perceptions of IoT security implementation and the reality. In 2020, 90% of tech decision makers said security was important to their company, but this isn’t translating into everyday actions with only 47% carrying out a threat analysis in the design of every new product. As the number of hacks continues to rise consumer confidence will dwindle, impacting adoption rates and delaying digital transformation. How can the industry meet consumer and regulatory demands when long-standing barriers of cost and fragmentation remain?

PSA Certified believe that a standardized approach to IoT security, underpinned by certification, is key to overcoming these challenges and bridging the gap between the reality and expectations of IoT security. This view is backed by research: 84% of tech decision makers are interested in the development of an industry-led set of guidelines to build a collaborative approach to IoT security, with certification offering an independent measure of conformance to industry best practice.

Founded by Industry Experts

Arm Logo
CAICT Logo
Riscure Logo
Prove & Run Logo
TrustCB Logo
UL Logo

The Value of Certification

93% of tech decision makers reacted positively to the suggestion that collaborative, common certification can be a differentiator in the market. Independent certification provides an objective view of standardized security, ensuring critical principles are implemented. World-leading evaluation laboratories guide the security evaluation and certification of PSA Certified products. SESIP labs, licensed by the PSA Certified certification body TrustCB, can also evaluate products in line with the SESIP methodology. Third-party evaluation moves the industry away from a “trust me, it’s secure” mentality and towards a more formal approach based on documented evidence. A common baseline of security paired with independent evaluation defragments the ecosystem, simplifying IoT security for the entire value chain and building trust in connected devices.

PSA Certified is the fastest way for our customers to have confidence in the security of the devices we build

Dr. Juan Nogueira, Sr. Director, Connectivity Center of Excellence, Flex
Juan Nogueira
More partner stories

Building-in Foundational Security

PSA Certified and its ecosystem are creating a secure-by-design culture where security is implemented from the beginning of product development. Building-in security starts with two key foundational security measures that should be embedded into every connected device.

Firstly, PSA Certified outlines high-level IoT security principles in the 10 security goals. Although every product will have unique security needs, these goals define the common requirements that should be met in every connected device. With security best practice in place, products and features can be developed in an ecosystem built on a reliable security baseline.

The second principle is a Root of Trust (RoT). This is a foundational security component, built into the silicon, that completes a set of implicitly trusted functions that the rest of the system can use to ensure security. The PSA Root of Trust (PSA-RoT) fortifies security at the heart of an IoT device by building it into the silicon, providing a source of confidentiality and integrity for the whole value chain.