Our Approach to IoT Security


Successful digital transformation needs trusted data, which can only come from secure devices. Despite a growing appetite for IoT security, barriers to best-practice security design and implementation remain. PSA Certified is a global partnership combating security challenges and uniting the IoT ecosystem under a common security baseline. By providing an easy-to-consume, comprehensive methodology for the lab-validated assurance of IoT security, PSA Certified is helping to unlock the possibilities of a connected world.

Our approach to security is built on three key pillars:

Making Security-by-Design Based on the Root of Trust De Facto

PSA Certified and its ecosystem are creating a secure-by-design culture where security is implemented from the beginning of product development. Building-in security starts with two key foundational security measures that should be embedded into every connected device: the PSA Certified Security Goals and the PSA-RoT. You can learn more about both of these below.

Independent, Trusted, Third-Party Certification Mapped to Regulation

Third-party evaluation moves the industry away from a “trust me, it’s secure” mentality and towards a more formal approach based on documented evidence. A common baseline of security paired with independent evaluation defragments the ecosystem, simplifying device security for the entire value chain and building trust in connected devices.

Creating a More Secure World Together

Our composition formula certification encourages silicon vendors, software vendors, IP providers and device manufacturers to all play a part in ensuring that security is built into devices from the ground up. Our ecosystem continues to grow as we navigate the complexities of security, with 80 different partners now holding PSA Certified certifications.

Building-in Foundational Security

PSA Certified and its ecosystem are creating a secure-by-design culture where security is implemented from the beginning of product development. Building-in security starts with two key foundational security measures that should be embedded into every connected device.

Firstly, PSA Certified outlines high-level IoT security principles in the 10 security goals. Although every product will have unique security needs, these goals define the common requirements that should be met in every connected device. With security best practice in place, products and features can be developed in an ecosystem built on a reliable security baseline.

The second principle is a Root of Trust (RoT). This is a foundational security component, built into the silicon, that performs a set of implicitly trusted functions that the rest of the system can use to ensure security. The PSA Root of Trust (PSA-RoT) fortifies security at the heart of an IoT device by building it into the silicon, providing a source of confidentiality and integrity for the whole value chain.

PSA Certified is the fastest way for our customers to have confidence in the security of the devices we build

Dr. Juan Nogueira, Sr. Director, Connectivity Center of Excellence, Flex

The Value of Certification

Our independent research shows that trusted hardware, built on a Root of Trust, combined with recognized standards and external testing, is essential. Organizations are increasingly adopting robust security measures to reduce risk and liability. More than half of those polled in the PSA Certified 2023 Security Report say a security certification is now considered useful in proving robustness to customers (53%). This is up substantially on 2022 (32%) – up 21% year-on-year, in fact.

World-leading evaluation laboratories guide the security evaluation and certification of PSA Certified products. SESIP labs, licensed by the PSA Certified certification body TrustCB, can also evaluate products in line with the SESIP methodology.


The PSA Certified IoT Security Framework

PSA Certified breaks down security complexities with a four-stage framework, with resources available for each stage. Learn about the framework and start your security journey. Our ecosystem of over 80 different partners is deploying the PSA-RoT into their products to improve the quality of their security implementation.


Regulation & Security: The Multiplier Effect

The continued surge in the number of connected devices, combined with enhanced interoperability, has led to an accelerated rise in cyber threats.

Investment is on the rise as customers demand security, and the conversation is shifting to alignment with regulation and how standards can build public trust.

PSA Certified believes that a standardized approach to device security, underpinned by certification, is key to overcoming these challenges. This view is backed by research: 53% of surveyed tech decision makers say security certification is now seen as a useful tool in proving the robustness of products to customers, which is a noticeable increase compared to the 32% recorded in 2022.