Successful digital transformation needs trusted data, which can only come from secure devices. Despite a growing appetite for IoT security, barriers to best practice security design and implementation remain. PSA Certified is a global partnership combating security challenges and uniting the IoT ecosystem under a common security baseline. By providing an easy-to consume, comprehensive methodology for the lab-validated assurance of IoT security, PSA Certified is helping to unlock the possibilities of a connected world.

Bridging the Gap Between Security Expectation and Reality

Even in scenarios where security is being prioritized, a gap remains between the perceptions of IoT security implementation and the reality. In 2020, 90% of tech decision makers said security was important to their company, but this isn’t translating into everyday actions with only 47% carrying out a threat analysis in the design of every new product. As the number of hacks continues to rise consumer confidence will dwindle, impacting adoption rates and delaying digital transformation. How can the industry meet consumer and regulatory demands when long-standing barriers of cost and fragmentation remain?

PSA Certified believe that a standardized approach to IoT security, underpinned by certification, is key to overcoming these challenges and bridging the gap between the reality and expectations of IoT security. This view is backed by research: 84% of tech decision makers are interested in the development of an industry-led set of guidelines to build a collaborative approach to IoT security, with certification offering an independent measure of conformance to industry best practice.

PSA Certified: Revolutionizing Embedded Security

Founded by Industry Experts

PSA Certified was developed by seven industry experts, who used their knowledge to simplify IoT security without reducing the implemented level of security. Our founders continue to monitor the security landscape and are committed to the constant development of the scheme. The program is regularly updated to ensure it is still meeting, or exceeding, the necessary baseline of security requirements and aligning to major government guidelines and legislations. This ensures that PSA Certified is flexible enough to change with the demands of different industries and geographies.

The Value of Certification

93% of tech decision makers reacted positively to the suggestion that collaborative, common certification can be a differentiator in the market. Independent certification provides an objective view of standardized security, ensuring critical principles are implemented. World-leading evaluation laboratories guide the security evaluation and certification of PSA Certified products. SESIP labs, licensed by the PSA Certified certification body TrustCB, can also evaluate products in line with the SESIP methodology. Third-party evaluation moves the industry away from a “trust me, it’s secure” mentality and towards a more formal approach based on documented evidence. A common baseline of security paired with independent evaluation defragments the ecosystem, simplifying IoT security for the entire value chain and building trust in connected devices.

Building-in Foundational Security

PSA Certified and its ecosystem are creating a secure-by-design culture where security is implemented from the beginning of product development. Building-in security starts with two key foundational security measures that should be embedded into every connected device.

The PSA 10 security goals outline generic security requirements for IoT systems.

Firstly, PSA Certified outlines high-level IoT security principles in the 10 security goals. Although every product will have unique security needs, these goals define the common requirements that should be met in every connected device. With security best practice in place, products and features can be developed in an ecosystem built on a reliable security baseline.

The second principle is a Root of Trust (RoT). This is a foundational security component, built into the silicon, that completes a set of implicitly trusted functions that the rest of the system can use to ensure security. The PSA Root of Trust (PSA-RoT) fortifies security at the heart of an IoT device by building it into the silicon, providing a source of confidentiality and integrity for the whole value chain.