Is it Impossible to Securely Manage the Billions of ‘Things’ in the IoT Ecosystem?
April 2019 by Gil Bernabeu, Technical Director, GlobalPlatform
In our brave, new, connected world, we’re witnessing a seismic shift in the role that devices are playing across all aspects of life. The explosion of the internet of things (IoT) means that today billions of devices – from everyday household appliances to specialist manufacturing machines – can be connected to the internet and communicate sensitive data and information. By 2020, it is estimated there could be up to 50 billion connected devices across the world. That’s almost ten times the number of people who use the internet today.
With that in mind, it’s no surprise that service providers and edge device manufacturers are keen to capitalize on the seemingly endless opportunities IoT presents. As the market expands, however, the emergence of new players, along with different proprietary hardware and software solutions, are bringing complexities which threaten to undermine a successful future for secure digital IoT services. Managing, protecting and securing the billions of devices, data, networks and services in this ever-expanding ecosystem can seem like an impossible challenge.
Aside from smartphones, where an end-user can participate in the device management, many types of IoT devices rely exclusively on remote device management for updates and upgrades related to software, repairs or security measures, for example. This is no small undertaking given the sheer scale of the ecosystem.
Any one of the billions of devices connected to a network, no matter how small, could be a target for hackers looking for a vulnerable path to a network or as part of a more widespread attack on a particular device type or channel. Yet some in the IoT space are not taking the risks associated with insecure devices seriously enough. In fact, many device manufacturers still remain unaware, or are dismissive, of the essential security requirements necessary to deliver safe and secure digital services, as demonstrated by several high-profile hacks and data breaches in recent years.
As the number and nature of use cases grow, so too do the risks. As a result there is an immediate need for a foundational, standardized solution for securing and managing IoT devices and services.
Of course, IoT security requirements should not restrict innovation and time to market. For digital IoT services to be a success, all stakeholders in the ecosystem need to have their unique sets of needs met to allow them to deliver competitive products and services. Service providers need to trust that their service and its data will be protected and updatable regardless of the device hardware or operating system (OS). IoT device makers need to support a range of device OSs, securely connect to multiple cloud platform providers and offer the required level of security to service providers. Cloud platform providers need to securely enrol many device types, running a wide range of different secure services.
This is where GlobalPlatform technology plays a key role. Our specifications, configurations and frameworks provide a way for all IoT stakeholders to efficiently deliver innovative digital services, while providing greater security, privacy, simplicity and convenience for users. At the highest level, GlobalPlatform offers:
• The protection of digital services through two standardized secure component technologies, the Secure Element (SE) and Trusted Execution Environment (TEE), which address the security requirements of multiple markets and industries;
• The certification of secure components via the GlobalPlatform Certification Program, which confirms product adherence to functional requirements and market defined security thresholds;
• The ability to remotely manage digital services. This enables device manufacturers to update and manage their devices remotely thanks to standardized messaging across any connectivity channel for loading or provisioning a service.
GlobalPlatform’s Device Trust Architecture (DTA) framework pulls these initiatives together to empower all stakeholders in the value chain to seamlessly deliver, and securely manage, digital services and devices. As a result, GlobalPlatform facilitates collaboration between service providers and device manufacturers on technical and strategic interests, offering a simple, low-cost and ultimately secure route to market for IoT services.