Think cloud and not only device, and security will then become more an integral part of the internet of things (IoT) industry, says Kumi Thiruchelvam, a co-founder of quantum-safe cyber security company Crypto Quantique.
He is convinced that by continuing to focus on the chip or device at the center of the IoT ecosystem, vendors’ focus on a model that relies on shipping high volumes will continue to compromise foundational security. In this article, he suggests that the cloud-to-chip model being developed by hyperscaler companies like Amazon, Google, Alibaba and Microsoft, rather than chip-to-cloud as is traditionally seen in the market with the push from silicon vendors, will be the key to enhancing security in connected embedded systems.
Having spent most of the past 20 years in variety of what I call embedded software experiences (glorified view of mobile as being the platform of our current generation), it’s interesting to draw the parallels with the not-so-quiet revolution happening in the world of enterprise computing. The current pandemic is changing the way the world views technology, and notably how different political ecosystems are using technology to manage the outbreaks in different socio-economic classes.
The recent announcement by Alibaba Cloud to invest $28 billion in its cloud infrastructure over three years for semiconductor and operating system development highlights the very large investments made by cloud computing organizations. This is only exemplifying the billions of dollars being poured into infrastructure to service the massive pent up demand to free up resources expended in the design and deployment of on-site enterprise computing to cloud-based systems. I often recall with a wry smile the time when a Silicon Valley giant’s billionaire founder chose to identify cloud with nothing more than “water vapour” (Churchill Club Sept 2009)! Working from home will never be the same again, nor offered as a luxurious work privilege.
Some of the enterprises that are rapidly transforming are using connected devices. Connectivity technologies aside, this the commonly defined internet of things (IoT) or the term I tend to use, the identity of things. Indeed this transformation is rapid, and Alibaba Cloud aside and also Microsoft earnings driven by cloud, we’ve seen huge leaps from companies like Siemens, IBM, Oracle on providing true end to end solutions for enterprises.
Transformation on this scale, for business intelligence, for analytics, for internal IT infrastructure, is also adding a significant amount of IoT edge nodes onto the wider network, with nowhere near the level of infrastructure security that has previously gone into data center designs, and/or gateways to the internet. In many ways, these edge nodes are being added at a rate far greater than the rate of smartphone deployment in the 1990’s and 2000’s, with their associated regulatory and compliance requirements, using amongst other things the undervalued SIM for network authentication.
For many the IoT edge nodes are associated with the device ecosystem, the OEM/ODM (original equipment manufacturer / original device manufacturer) supply chain that drive the billions of semiconductor chips that are shipped annually. However, this device ecosystem continues to leverage the fragmented nature of the IoT, across industry verticals and also geo-political considerations, to focus on what matters for that ecosystem: volume.
By continuing to drive design from a profit-before-security perspective, the attack surfaces will only continue to increase, and the playground for bad actors and nations, will get larger. This is why we’ve taken an approach that enables a key management system via the cloud, providing customers with ownership of device security via Microsoft Azure, AWS, or Alibaba Cloud.
But until there is a transformation in the security ecosystem to be cloud native, it’s left to those companies with the deepest pockets, those extracting maximum value from this industrial scale digital transformation, to enable foundational security at the connected device level. However, for the sake of a secure connected world, we hope that enterprises are able to drive their supply chains from a cloud-to-chip integration perspective, enabling the inclusion of quantum driven ID foundational security to leverage competitive advantage in the IoT.
Kumi Thiruchelvam is co-founder, investor and chief commercial officer at Crypto Quantique, a quantum-safe security as a service software company. He has nearly three decades of experience spanning global telecoms, embedded software for smartphones, cellular IP licensing, semiconductors and latterly in cybersecurity. He has helped scale companies in mobile digital identity, biometric authentication and silicon fingerprinting.