IoT devices are becoming more prevalent in almost every aspect of our lives—we will rely on them in our homes, our businesses, as well as our infrastructure. In February, Microsoft announced the general availability of Azure Sphere, an integrated security solution for IoT devices and equipment. General availability means that we are ready to provide OEMs and organizations with quick and cost-effective device security at scale. However, securing those devices does not stop once we put them into the hands of our customers. It is only the start of a continual battle between the attackers and the defenders.

Building a solution that customers can trust requires investments before and after deployment by complementing up-front technical measures with ongoing practices to find and mitigate risks. In April, we highlighted Azure Sphere’s approach to risk management and why securing IoT is not a one-and-done. Products improve over time, but so do hackers, as well as their skills and tools. New security threats continue to evolve, and hackers invent new ways to attack devices. So, what does it take to stay ahead?

As a Microsoft security product team, we believe in finding and fixing vulnerabilities before the bad guys do. While Azure Sphere continuously invests in code improvements, fuzzing, and other processes of quality control, it often requires the creative mindset of an attacker to expose a potential weakness that otherwise might be missed. Better than trying to think like a hacker is working with them. This is why we operate an ongoing program of red team exercises with security researchers and the hacker community: to benefit from their unique expertise and skill set. That includes being able to test our security promise not just against yesterday’s and today’s, but against even tomorrow’s attacks on IoT devices before they become known more broadly. Our recent Azure Sphere Security Research Challenge, which concluded on August 31, is a reflection of this commitment.

Partnering with MSRC to design a unique challenge

Our goal with the three-month Azure Sphere Security Research Challenge was twofold: to drive new high-impact security research, and to validate Azure Sphere’s security promise against the best challengers in their field. To do so, we partnered with the Microsoft Security Response Center (MSRC) and invited some of the world’s best researchers and security vendors to try to break our device by using the same kinds of attacks as any malicious actor might. To make sure participants had everything they needed to be successful, we provided each researcher with a dev kit, a direct line to our OS Security Engineering Team, access to weekly office hours, and email support in addition to our publicly available operating system kernel source code.

Our goal was to focus the research on the highest impact on customer security, which is why we provided six research scenarios with additional rewards of up to 20 percent on top of the Azure Bounty (up to $40,000), as well as $100,000 for two high-priority scenarios proving the ability to execute code in Microsoft Pluton or in Secure World. We received more than 3,500 applications, which is a testament to the strong interest of the research community in securing IoT. More information on the design of the challenge and our collaboration with MSRC can be found here on their blog post.

Researchers identify high impact vulnerabilities before hackers

The quality of submissions from participants in the challenge far exceeded our expectations. Several participants helped us find multiple potentially high impact vulnerabilities in Azure Sphere. The quality is a testament to the expertise, determination, and the diligence of the participants. Over the course of the challenge, we received a total of 40 submissions, of which 30 led to improvements in our product. Sixteen were bounty-eligible; adding up to a total of $374,300 in bounties awarded. The other 10 submissions identified known areas where potential risk is specifically mitigated in another part of the system—something often referred to in the field as “by design.” The high ratio of valid submissions to total submissions speaks to the extremely high quality of the research demonstrated by the participants.

Jewell Seay, Azure Sphere Operating System Platform Security Lead, has shared detailed information of many of the cases in three recent blog posts describing the security improvements delivered in our 20.07, 20.08, and 20.09 releases. Cisco Talos and McAfee Advanced Threat Research (ATR), in particular, found several important vulnerabilities, and one particular attack chain is highlighted in Jewell’s 20.07 blog.

While the described attack required physical access to a device and could not be executed remotely, it exposed potential weaknesses spanning both cloud and device components of our product. The attack included a potential zero-day exploit in the Linux kernel to escape root privileges. The vulnerability was reported to the Linux kernel security team, leading to a fix for the larger open source community which was shared with the Linux community. If you would like to learn more and get an inside view of the challenge from two of our research partners, we highly recommend McAfee ATR’s blog post and whitepaper, or Cisco Talos’ blog post.

What it takes to provide renewable and improving security

With Azure Sphere, we provide our customers with a robust defense based on the Seven Properties of Highly Secured Devices. One of the properties, renewable security, ensures that a device can update to a more secure state—even if it has been compromised. While this is essential, it is not sufficient on its own. An organization must be equipped with the resources, people, and processes that allow for a quick resolution before vulnerabilities impact customers. Azure Sphere customers know that they have the strong commitment of our Azure Sphere Engineering team—that our team is searching for and addressing potential vulnerabilities, even from the most recently invented attack techniques.

We take this commitment to heart, as evidenced by all the fixes that went into our 20.07, 20.08, and 20.09 releases. In less than 30 days of McAfee reporting the attack chain to us, we shipped a fix to all of our customers, without the need for them to take any action due to how Azure Sphere manages updates. Although we received a high number of submissions throughout multiple release cycles, we prioritized analyzing every single report as soon as we received it. The success of our challenge should not just be measured by the number and quality of the reports, but also by how quickly reported vulnerabilities were fixed in the product. When it came to fixing the found vulnerabilities, there was no distinction made between the ones that were proven to be exploited or the ones that were only theoretical. Attackers get creative, and hope is not part of our risk assessment or our commitment to our customers.

Our engagement with the security research community

On behalf of the entire team and our customers, we would like to thank all participants for their help in making Azure Sphere more secure! We were genuinely impressed by the quality and number of high impact vulnerabilities that they found. In addition, we would also like to thank the MSRC team for partnering with us on this challenge.

Our goal is to continue to engage with this community on behalf of our customers going forward, and we will continue to review every potential vulnerability report for Azure Sphere for eligibility under the Azure Bounty Program awards.

Our team learned a lot throughout this challenge, and we will explore and announce additional opportunities to collaborate with the security research community in the future. Protecting our platform and the devices our customers build and deploy on it is a key priority for us. Working with the best security researchers in the field, we will continue to invest in finding potential vulnerabilities before the bad guys do—so you don’t have to!

If you are interested in learning more about how Azure Sphere can help you securely unlock your next IoT innovation:

• Visit the Azure Sphere website to learn more.
• Get started.
• Secure your IoT deployment during the security talent shortage.
• Cybersecurity best practices to implement highly secured devices.

The post Why we invite security researchers to hack Azure Sphere appeared first on Microsoft Security Blog.

From its inception in Microsoft Research to general availability today, Azure Sphere is Microsoft’s answer to these escalating IoT threats. Azure Sphere delivers quick and cost-effective device security for OEMs and organizations to protect the products they sell and the critical equipment that they rely on to drive new business value.

To mark today’s general availability milestone, I sat down with Galen Hunt, distinguished engineer and product leader of Azure Sphere to discuss the world of cybersecurity, the threat landscape that businesses and governments are operating in, and how Microsoft and Azure Sphere are helping organizations confidently and securely take advantage of the opportunities enabled by IoT.

ANN JOHNSON: Let me start by asking about a comment I once heard you make, where you refer to the internet as “a cauldron of evil.” Can you give us a little insight into what you mean?

GALEN HUNT: Well, I actually quote James Mickens. James is a former colleague at Microsoft Research, and he’s now a professor at Harvard. Those are his words, the idea of the internet being a cauldron of evil. But I love it, because what it really captures is what the internet really is.

The internet is a place of limitless potential, but when you connect a device to the internet, you’re also creating a two-way street; anybody can come in off the internet and try to attack you.

Everything from nation states to petty criminals to organized crime is out there, operating on the internet. As we think about IoT—which is my favorite topic—being aware of the dangers is the first step to being prepared to address them.

ANN JOHNSON: When you’re thinking about folks that are in charge of security organizations, or even folks who have to secure the environment for themselves, what do you view as the biggest threats, and also the biggest opportunities for companies like Microsoft to address those threats?

GALEN HUNT: I think the biggest threat is—and I’m coming at this from the IoT side of things—as we’re able to connect every single device in an enterprise or every single device in a home to the internet, there’s real risk. By compromising those devices, someone can invade our privacy, they can have access to our data, they can manipulate our environment. Those are real risks.

In the traditional internet, the non-Internet-of-Things internet, the damage that could be done was purely digital. But in a connected IoT environment, remote actors are able to affect or monitor not just the digital environment but also the actual physical environment. So that creates all sorts of risks that need to be addressed.

In response, the power that a company like Microsoft can bring is our deep experience in internet security. We’ve been doing it for years. We can help other organizations leverage that experience. That’s a tremendous opportunity we have to help.

ANN JOHNSON: So, with that, walk us through what Azure Sphere is—how do you see our customers and our partners leveraging the technology?

GALEN HUNT: There are four components to Azure Sphere: three of them are powered by technology and one of them is powered by people. Those components combine to form an end-to-end solution that allows any organization that’s building or connecting devices to have the very best of what we know about making internet-connected devices secure.

Let’s talk about the four components.

The first of the three technical components is the certified chips that are built by our silicon partners, they have the hardware root of trust that Microsoft created. These are chips that provide a foundation of security, starting in the silicon itself, and provide connectivity and compute power for these devices.

The second technical component of Azure Sphere is the Azure Sphere operating system. This runs on the chips and creates a secure software environment.

The third technical component is the cloud-based Azure Sphere security service. The security service connects with every single Azure Sphere chip, with every single Azure Sphere operating system, and works with the operating system and the chip to keep the device secured throughout its lifetime.

ANN JOHNSON: So, you’ve got hardware, software, and the cloud, all working together. What about the human component?

GALEN HUNT: The fourth component of Azure Sphere is our people and all their security expertise. Our team provides ongoing security monitoring of Azure Sphere devices and, actually, of the full ecosystem. As we identify new types of attacks and new emerging security vulnerabilities, we will upgrade our operating system and the cloud services to mitigate against those new kinds of attacks. Then we will deploy updates to every Azure Sphere-based device, globally. So, we’re providing ongoing support, and ongoing security improvements for those devices.

ANN JOHNSON: I want to make this real for folks. Walk me through a use case; where would somebody actually implement and use Azure Sphere? How does their infrastructure or architecture fit in?

GALEN HUNT: Okay, let’s start with a device manufacturer. They say, okay we’re going to create a new device, and we want to have that device be an IoT device. We want it to connect to the internet, so it can be integrated into an organization’s digital feedback loop. And so, they will buy a chip, an Azure Sphere-based microcontroller or SoC, which will serve as the primary processing component, and they build that into their device. The Azure Sphere chip provides the compute power and secured connectivity.

Now, of course not everybody is building a brand-new device from scratch. There are a lot of existing devices out there that are very valuable. Sometimes they’re too valuable to take on the risk of connecting them and exposing them to the internet. One of the things we’ve developed during the Azure Sphere preview period is a new class of device that we call a “guardian module.” The guardian module is a very small device—no larger than the size of a deck of cards—built around an Azure Sphere chip. An organization interested in connecting existing devices can connect through the guardian module and pull data from that existing device and securely connect it to the cloud. The guardian modules, powered by Azure Sphere, are a way to add highly secure connectivity—even to existing devices—that’s protected by Microsoft.

ANN JOHNSON: Interesting, it solves a pretty big problem with device security, especially as we continue to see a massive proliferation of devices in our environment, most of which are unmanaged. What do you think is slowing the broad adoption of security related to connected devices?

GALEN HUNT: Well, there are a couple of things. I think the biggest barrier, up until now, has been the lack of an end-to-end solution. For companies that have had aspirations to build or to buy highly secured devices, each device has been a one-off. Customers have had to completely build a unique solution for each device, and that just takes an incredible amount of expertise and hard work.

The other obstacle I’ve found is that organizations realize that they need secure devices, but they just don’t know where to begin. They don’t know what they should be looking for, from a device security perspective. There’s a bit of a temptation to look for a security feature checklist instead of really understanding what’s required to have a device that’s highly secured.

ANN JOHNSON: I know you’ve given this a lot of consideration and your background gives you a deeper view into what it takes to secure devices. You wrote a paper on the seven properties of highly secure devices, based on a lot of research you’ve done on the topic. How did you coalesce on the seven properties and how customers can implement them securely?

GALEN HUNT: Yes, I’m a computer scientist, and for over 15 years I ran operating systems research in Microsoft Research. About five years ago, someone walked into my office with a schematic, or a floor map, of a brand new—actually, still under development—microcontroller. This was actually the very first of a new class of a microcontroller.

A microcontroller, for anybody who is not familiar, is a single-chip computer that has processer, and storage, memory, and IoT capabilities. Microcontrollers are used in everything from toys, to appliances, even industrial equipment. Well, this was the first time I had seen a microcontroller, a programmable microcontroller, with the physical capabilities required to be able to connect to the internet—built in—and at a price point that was just a couple of dollars.

When I looked at this thing, I realized that for the price of a cup of coffee, anything on the planet that had electricity could be turned into an internet device. I realized I was looking at the fifth generation of computing, and that was a terribly exciting thought. But the person who had come into my office was asking, what kind of code should we run on this so that it would be secure if we did want to build internet-connected devices with it?

And what I realized, really quickly, was that even though it had some great security features, it lacked much of what was required to build a secure device from a software perspective, and that set me off on journey. I imagined this dystopian future where there are nine billion new insecure devices being added to the world’s population, every year.

ANN JOHNSON: Sure, the physical risks of device hacking make nine billion insecure IoT devices a daunting thought.

GALEN HUNT: Well for me, that was a really scary thought. And as a scientist, I said, well we know that Microsoft and our peer companies have built devices that have been out on the internet. They’ve been connected for at least a five-year period and have withstood relentless attacks from hackers and other ne’er-do-wells. The driving question of our next phase of work was: why are some devices highly secure, and what is it that separates them?

And we did a very scientific study of finding these secure devices and trying to figure out the qualities and the properties that they had in common, and this led to our list of these seven properties. We published that paper, which then led to more experiments.

Now, the devices we found that had these seven properties were devices that had hundreds of dollars in electronics in them, and, you know, that’s not going to scale to every device on the planet. You’re not going to be able to add hundreds of dollars of electronics to every device on the planet, like a light bulb, in order to get security.

Then we wondered if we could build a very, very small and a very, very economical solution that contained all seven properties. And that’s what ultimately led us to Azure Sphere. It’s a solution that, really, for just a few dollars, any company can build a device that is highly secured.

ANN JOHNSON: So, the device itself is highly secured; it has all these built-in capabilities, but one of the biggest problems our customers face is fundamentally a talent shortage, right? Is there something that we’re inherently doing here, with Azure Sphere, that could make it easier for customers?

GALEN HUNT: Yes. Fundamentally what we’re trying to do is create a scalable solution, and it is Microsoft talent that helps these companies create these highly secure devices. There’s something like a million-plus openings in the field of security professionals. Globally there’s a huge talent shortage.

With Azure Sphere we allow a company that doesn’t have really deep security expertise to draft off of our security talent. There are a few areas of expertise that one has to have in order to build a highly-secure device with similar capabilities to Azure Sphere.

Sometimes I’ll use the words technology, talent, and tactics. You have to have the technical expertise to actually build a device that has a high degree of security in it. Not just a device with a checklist of features, but with true integration across all components for gap-free security. Then, once the device is built and deployed out into the wild, you need the talent to fight the ongoing security battle. That talent is watching for and detecting emerging security threats and coding up mitigations to address them. And finally, you’ll have to scale out those updates to every device. That’s a really deep set of expertise, talent, and tactics and, for the most part, it’s very much outside of what many companies know how to do.

When building on top of Azure Sphere, instead of staffing or developing all of this expertise outside of their core business, organizations can instead outsource that to Microsoft.

ANN JOHNSON: That’s a really great way to put it. It also gives you that end-to-end security integration, right? Because I would imagine Azure Sphere is going to integrate with all of Microsoft’s infrastructure and services?

GALEN HUNT: In building Azure Sphere, we leveraged pretty deeply a lot of expertise and a lot of talent that we have at Microsoft. Take, for example, the infrastructure that we use to scale out the deployment of new updates. We leveraged the infrastructure that Microsoft created for the Windows update service. So we will have the capability to update billions of devices globally.

We also really drew on all of the expertise around Visual Studios for very scalable software development. We brought that power even to the smaller microcontroller class devices.

And the hardware root of trust that we put inside of every single Azure Sphere chip. That hardware root of trust is not something that we just created, just woke up one day and said, hey, let’s build a hardware root of trust from scratch. We actually built it based on our learning from the Xbox console.

The Xbox console, over 15 years has made three huge generational leaps. Those consoles can live in hostile environments—from a digital security perspective and a physical security perspective. So, we’ve taken everything we’ve learned about how to make those devices highly secured and applied it to building the hardware root of trust inside Azure Sphere. These are some of the ways that we’re really leveraging a lot of Microsoft’s deep expertise.

ANN JOHNSON: Today, marks the general availability of Azure Sphere—which I’m super excited about, by the way! But I know you’ve been thinking for a long time about how we solve some of these bigger problems, particularly the explosion of IoT, and how customers are going to have to think about that within the next two, to three, to five, to ten years from now. What are the challenges you see ahead for us, and what are the benefits our customers will be able to realize?

GALEN HUNT: We’re excited as well—it’s a huge milestone for the team. Even at this point, at GA, we’re only at the beginning of our real journey with our customers. One of our immediate next steps is scaling out the silicon ecosystem. MediaTek is our first silicon partner. Their MT3620 chip is available in volume today, and it’s the perfect chip, especially for guardian modules and adding secure connectivity to many, many devices.

With microcontrollers, there are many, many verticals. They range in everything from toys to home appliances, to big industrial equipment. And no single chip scales across that entire ecosystem effectively, so we’ve engaged other silicon partners. For example, in October, Qualcomm announced that they’ll build the very first cellular native Azure Sphere chip.

The other place we see ourselves growing is in adding more enterprise readiness features. As we’ve engaged with some of our early partners, for example, Starbucks, and have helped them deploy Azure Sphere across their stores in North America, we’ve realized that there’s a lot we can do to really help integrate Azure Sphere better with existing enterprise systems to make that very, very smooth.

ANN JOHNSON: There’s a lot of noise about tech regulations, certainly about IoT and different device manufacturing procedures. How are we thinking about innovation in the context of balancing it with regulation?

GALEN HUNT: So, let’s talk about innovation and regulation. There are times when you want to step out of the way and just let people innovate as much as possible. And then there are times as an industry, or as a society we want to make sure we establish a baseline.

Take food safety, for example. The science of food safety is very well established. Having regulations makes sure that no one cuts corners on safety for the sake of economic expediency. Most countries have embraced some kind of regulations around food safety.

IoT is another industry where it’s in everybody’s favor that all devices be secure. If consumers and enterprises can know that every device has a strong foundation of security and trustworthiness, then they’ll be more likely to buy devices, and build devices, and deploy devices.

And so I really see it as an opportunity whereby collectively and, with governments encouraging baseline levels of security, agreeing on a strong foundation of security we’ll all feel confident in our environment, and that’s really a positive thing for everybody.

ANN JOHNSON: That’s really a great perspective, and I think that we’ve always been that way at Microsoft, right? We view regulation in a positive way and thinking that it needs to be the right regulation across a wide variety of things that we’re doing, whether it be AI, just making sure that it’s being used for ethical use cases.

Which brings me to that last-wrap question, what’s next, what are your next big plans, what’s your next big security disruption?

GALEN HUNT: Our next big plan is to take Azure Sphere everywhere. We’ve demonstrated it’s possible, but I think we’re just starting to scratch the surface of secured IoT. There’s so much ability for innovation, and the devices that people are building, and the way that we’re using devices. When we’re really able to close this digital feedback loop and really interact between the digital world and the physical world, it’s just a tremendous opportunity, and so that’s where I’m going.

ANN JOHNSON: Excellent, well, I really appreciate the conversation. Azure Sphere is a great example of the notion that while cybersecurity is complex, it does not have to be complicated. Azure Sphere helps our customers overcome today’s complicated IoT security challenges. Thank you, Galen, for some great insights into the current IoT security landscape and how Microsoft and Azure Sphere are advancing IoT device security with the broad availability of Azure Sphere today.

If you are interested in learning more about how Azure Sphere can help you securely fast track your next IoT innovation.

• Visit the Azure Sphere website to learn more.
• See how customers like Starbucks are using Azure Sphere to drive efficiency and consistency in their retail operations.
• Read more about the Seven Properties of Highly Secured Devices.

About Ann Johnson and Galen Hunt

Ann Johnson is the Corporate Vice President of the Cybersecurity Solutions Group at Microsoft where she oversees the go-to-market strategies of cybersecurity solutions. As part of this charter, she leads and drives the evolution and implementation of Microsoft’s short- and long-term security, compliance, and identity solutions roadmap with alignment across the marketing, engineering, and product teams.

Prior to joining Microsoft, her executive leadership roles included Chief Executive Officer of Boundless Spatial, President and Chief Operating Officer of vulnerability management pioneer Qualys, Inc., and Vice President of World Wide Identity and Fraud Sales at RSA Security, a subsidiary of EMC Corporation.

Dr. Galen Hunt founded and leads the Microsoft team responsible for Azure Sphere. His team’s mission is to ensure that every IoT device on the planet is secure and trustworthy. Previously, Dr. Hunt pioneered technologies ranging from confidential cloud computing to light-weight container virtualization, type-safe operating systems, and video streaming. Dr. Hunt was a member of Microsoft’s founding cloud computing team.

Dr. Hunt holds over 100 patents, a B.S. degree in Physics from University of Utah and Ph.D. and M.S. degrees in Computer Science from the University of Rochester.

The post Azure Sphere—Microsoft’s answer to escalating IoT threats—reaches general availability appeared first on Microsoft Security Blog.

Despite the risks that come with IoT and the strain on security teams during the talent shortage, the potential of IoT is too valuable to ignore or postpone. Decision makers evaluating how to pursue both IoT innovation and security don’t need to steal from one to feed the other. It isn’t a binary choice. There is a way to augment existing security teams and resources, even amidst the talent shortage. Trustworthy solutions can help organizations meet the ongoing security needs of IoT without diminishing opportunity for innovation.

As organizations reach the limit of their available resources, the key to success becomes differentiating between the core activities that require specific organizational knowledge and the functional practices that are common across all organizations.

Utilize your security teams to focus on core activities, such as defining secure product experiences and building strategies for reducing risk at the app level. This kind of critical thinking and creative problem solving is where your security teams deliver the greatest value to the business—this is where their focus should be.

Establishing reliable functional practices is critical to ensure that your IoT deployment can meet the challenges of today’s threat landscape. You can outsource functional practices to qualified partners or vendors to gain access to security expertise that will multiply your team’s effectiveness and quickly ramp up your IoT operations with far less risk.

When considering partners and vendors, find solutions that deliver these essential capabilities:

Holistic security design—IoT device security is difficult. To do it properly requires the expertise to stitch hardware, software, and services into gap-free security systems. A pre-integrated, off-the-shelf solution is likely more cost-effective and more secure than a proprietary solution, and it allows you to leverage the expertise of functional security experts that work across organizations and have a bird’s-eye view of security needs and threats.

Threat mitigation—To maintain device security over time, ongoing security expertise is needed to identify threats and develop device updates to mitigate new threats as they emerge. This isn’t a part-time job. It requires dedicated resources immersed in the threat landscape and who can rapidly implement mitigation strategies. Attackers are creative and determined, the effort to stop them needs to be appropriately matched.

Update deployment—Without the right infrastructure and dedicated operational hygiene, organizations commonly postpone or deprioritize security updates. Look for providers that streamline or automate the delivery and deployment of updates. Because zero-day attacks require quick action, the ability to update a global fleet of devices in hours is a must.

When you build your IoT deployment on a secure platform, you can transform the way you do business: reduce costs, streamline operations, light up new business models, and deliver more value to your customers. We believe security is the foundation for lasting innovation that will continue to deliver value to your business and customers long into the future. With this in mind, we designed Microsoft Azure Sphere as a secured platform on which you can confidently build and deploy your IoT environment.

Azure Sphere is an end-to-end solution for securely connecting existing equipment and creating new IoT devices with built-in security. Azure Sphere’s integrated security spans hardware, software, and cloud, and delivers active security by default with ongoing OS and security updates that put the power of Microsoft’s expertise to work for you every day.

With Azure Sphere, you can design and create innately secured IoT devices, as well as securely connect your existing mission-critical equipment. Connecting equipment for the first time can introduce incredible value to the business—as long as security is in place.

Through a partnership with Azure Sphere, Starbucks is connecting essential coffee equipment in stores around the globe for the first time. The secured IoT implementation is helping Starbucks improve their customer experience, realize operational efficiency, and drive cost savings. To see how they accomplished this, watch the session I held with Jeff Wile, Starbucks CIO of Digital Customer and Retail Technology, at Microsoft Ignite 2019.

Learn more

With a secured platform for IoT devices, imagination is the only limit to what innovation can achieve. I encourage you to read Secure your IoT deployment during the security talent shortage to learn more about how you can build comprehensive, defense-in-depth security for your IoT initiatives, so you can focus on what you’re in business to do.

Also, bookmark the Security blog to keep up with our expert coverage on security matters and follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

Azure Sphere

A comprehensive IoT security solution—including hardware, OS, and cloud components—to help you innovate with confidence.

Get started

The post How to secure your IoT deployment during the security talent shortage appeared first on Microsoft Security Blog.

Since we first introduced Azure Sphere in 2018, the IoT landscape has quickly expanded. Today, there are more connected things than people in the world: 14.2 billion in 2019, according to Gartner, and this number is expected to hit 20 billion by 2020. Although this number appears large, we expect IoT adoption to accelerate to provide connectivity to hundreds of billions of devices. This massive growth will only increase the stakes for devices that are not secured.

Recent research by Bain & Co. lists security as the leading barrier to IoT adoption. In fact, enterprise customers would buy at least 70 percent more IoT devices if a product addresses their concerns about cybersecurity. According to Bain & Co., enterprise executives, with an innate understanding of the risk that connectivity opens their brands and customers to, are willing to pay a 22 percent premium for secured devices.

Azure Sphere’s mission is to empower every organization on the planet to connect and create secured and trustworthy IoT devices. We believe that for innovation to deliver durable value, it must be built on a foundation of security. Our customers need and expect reliable, consistent security that will set innovation free. To deliver on this, we’ve made several strategic investments and partnerships that make it possible to meet our customers wherever they are on their IoT journey.

Delivering silicon choice to enable heterogeneity at the edge

By partnering with silicon leaders, we can combine our expertise in security with their unique capabilities to best serve a diverse set of customer needs.

MediaTek’s MT3620, the first Azure Sphere certified chip produced, is designed to meet the needs of the more traditional MCU space, including Wi-Fi-enabled scenarios. Today, our customers across industries are adopting the MT3620 to design and produce everything from consumer appliances to retail and manufacturing equipment—these chips are also being used to power a series of guardian modules to securely connect and protect mission-critical equipment.

In June, we announced our collaboration with NXP to deliver a new Azure Sphere certified chip. This new chip will be an extension of their popular i.MX 8 high-performance applications processor series and be optimized for performance and power. This will bring greater compute capabilities to our line-up to support advanced workloads, including artificial intelligence (AI), graphics, and richer UI experiences.

Earlier this month, we announced our collaboration with Qualcomm to deliver the first cellular-enabled Azure Sphere chip. With ultra-low-power capabilities this new chip will light up a broad new set of scenarios and give our customers the freedom to securely connect anytime, anywhere.

Streamlining prototyping and production with a diverse hardware ecosystem

Manufacturers are looking for ways to reduce cost, complexity, and time to market when designing new devices and equipment. Azure Sphere development kits from our partners at Seeed Studios and Avnet are designed to streamline the prototyping and planning when building Azure Sphere devices. When you’re ready to shift gears into production mode, there are a variety of modules by partners including AI-Link, USI, and Avnet to help you reduce costs and accelerate production so you can get to market faster.

Adding secured connectivity to existing mission-critical equipment

Many enterprises are looking to unlock new value from existing equipment through connectivity. Guardian modules are designed to help our customers quickly bring their existing investments online without taking on risk and jeopardizing mission-critical equipment. Guardian modules plug into existing physical interfaces on equipment, can be easily deployed with common technical skillsets, and require no device redesign. The deployment is fast, does not require equipment to be replaced before its end of life, and quickly pays for itself. The first guardian modules are available today from Avnet and AI-Link, with more expected soon.

Empowering developers with the right tools

Developers need tools that are as modern as the experiences they aspire to deliver. In September of 2018, we released our SDK preview for Visual Studio. Since then, we’ve continued to iterate rapidly, making it quicker and simpler to develop, deploy, and debug Azure Sphere apps. We also built out a set of samples and solutions on GitHub, providing easy building blocks for developers to get started. And, as we shared recently, we’ll soon have an SDK for Linux and support for Visual Studio Code. By empowering their developers, we help manufacturers bring innovation to market faster.

Creating a secure environment for running an RTOS or bare-metal code

As manufacturers transform MCU-powered devices by adding connectivity, they want to leverage existing code running on an RTOS or bare-metal. Earlier this year, we provided a secured environment for this code by enabling the M4 core processors embedded in the MediaTek MT3620 chip. Code running on these real-time cores is programmed and debugged using Visual Studio. Using these tools, such code can easily be enhanced to send and receive data via the protection of a partner app running on the Azure Sphere OS, and it can be updated seamlessly in the field to add features or to address issues. Now, manufacturers can confidently secure and service their connected devices, while leveraging existing code for real-time processing operations.

Delivering customer success

Deep partnerships with early customers have helped us understand how IoT can be implemented to propel business, and the critical role security plays in protecting their bottom line, brand, and end users. Today, we’re working with hundreds of customers who are planning Azure Sphere deployments, here are a few highlights from across retail, healthcare, and energy:

• Starbucks—In-store equipment is the backbone of not just commerce, but their entire customer experience. To reduce disruptions and maintain a quality experience, Starbucks is partnering with Microsoft to deploy Azure Sphere across its existing mission-critical equipment in stores globally using guardian modules.
• Gojo—Gojo Industries, the inventor of PURELL Hand Sanitizer, has been driving innovation to improve hygiene compliance in health organizations. Deploying motion detectors and connected PURELL dispensers in healthcare facilities made it possible to quantify hand cleaning behavior in a way that made it possible to implement better practices. Now, PURELL SMARTLINK Technology is undergoing an upgrade with Azure Sphere to deploy secure and connected dispensers in hospitals.
• Leoni—Leoni develops cable systems that are central components within critical application fields that manage energy and data for the automotive sector and other industries. To make cable systems safer, more reliable, and smarter, Leoni uses Azure Sphere with integrated sensors to actively monitor cable conditions, creating intelligent and connected cable systems.

Looking forward

We want to empower every organization on the planet to connect and create secure and trustworthy IoT devices. While Azure Sphere leverages deep and extensive Microsoft heritage that spans hardware, software, cloud, and security, IoT is our opportunity to prove we can deliver in a new space. Our work, our collaborations, and our partnerships are evidence of the commitment we’ve made to our customers—to give them the tools and confidence to transform the world with new experiences. As we close in on the milestone achievement of Azure Sphere general availability, we are already focused on how to give our customers greater opportunities to securely shape the future.

The post IoT security will set innovation free: Azure Sphere general availability scheduled for February 2020 appeared first on Microsoft Security Blog.