Top Five Variables Influencing the Approach to Device Security
In my previous blog post, I covered the importance of having security built in and not bolted on. In this blog post, I’ll outline the top five key variables that are influencing how we approach device security — a topic particularly top of mind as I spend this week at the RSA Conference.
1. Connectivity to the enterprise and cloud. Historically, embedded devices, while network connected, operated on proprietary protocols and dedicated networks. A “great wall” so to speak, existed between the networks that powered our critical infrastructure, for example, and the networks that powered our enterprises. However, due to the pervasive nature of Ethernet there is a desire now to leverage all of the security expertise that we have gained over the past 20 years deploying commercial grade enterprise networks and apply it to our embedded systems — and then extend this when connecting to the cloud. Herein lays the potential for huge productivity gains by leveraging the same infrastructure to collect data, analyze it, manage and update our devices, etc. Along with the potential productivity gains comes the reality that we are now exposing our embedded devices to threats that they have never had to deal with before and probably aren’t suited to handle in the same manner that our enterprise infrastructure is.