The need for effective IoT security has never been greater. A quick check of the news headlines makes this abundantly clear, as data breaches, malware, viruses and other types of cyber misconduct have unfortunately become such frequent events.
Why are hackers targeting the IoT? Because any device that connects to other devices or the cloud is a potential entry point for attackers to steal data, manipulate operation or gain unauthorized access to the cloud.
The grim reality is that every IoT asset is exposed, and attacks can happen anywhere and at any time in an IoT device’s life cycle. To limit exposure, and thereby minimize risk, IoT connectivity needs to be secure. Every transmission, every update and every download – from the first connection to the last – needs to be protected.
The good news is that it is, indeed, possible to create the kind of constant, lasting protection that IoT devices need.
Two Key Areas of Concern
Strong IoT protection centers address two of the biggest vulnerabilities IoT device face—device onboarding and ongoing credential maintenance.
- Device Onboarding
Device onboarding refers to the act of connecting the device to a cloud service. To make onboarding safer, an authentication process is used. In order to log onto the cloud, the device first confirms (or authenticates) its identity and demonstrates its authorization to enter by presenting credentials. Credentials are sensitive assets that must be protected at all times, so that they can be trusted when presented. Strong authentication ensures that only authorized entities communicate with one another, protects access to the device and safeguards device data during storage and transmission.
- Ongoing Credential Maintenance
Security is a moving target, with new threats emerging all the time. There needs to be a protected way to update devices with new security mechanisms for as long as they’re in the field. Credential maintenance helps to ensure that the right level of security is in place over time. The updates that refresh and extend device protections have to be executed safely, to avoid giving hackers the opportunity to tamper with any part of device operation, cause harm or steal information.
EdgeLock 2GO—A Flexible Way to Ensure IoT Security
The NXP EdgeLock 2GO platform is designed to bring the high-level protection needed to safeguard IoT devices, from production to decommissioning. The platform is a purpose-built hardware and service combination that establishes a silicon-based root of trust. This silicon-based root of trust makes device onboarding a trusted activity and creates a secure infrastructure for managing credentials, so connections remain trustworthy for the lifetime of the device.
- EdgeLock SE050 Secure Element
With the EdgeLock 2GO platform, protection begins with a solid foundation inside the device where an EdgeLock SE050 secure element, which provides the root of trust and safely stores credentials. The presence of an EdgeLock SE050 in an IoT device assures developers that their design is protected against the latest attack scenarios by the same level of security used by governments and financial institutions to protect classified and high-value information.
- EdgeLock 2GO Cloud Services
Building on the comprehensive security mechanisms provided by the EdgeLock SE050 secure element, the EdgeLock 2GO cloud service is a secure, zero-touch deployment and maintenance service that’s designed to work the way you do. Three flexible service options let you choose the level of support that’s best for your situation. Options for pre-provisioned devices that are ready to connect, or create your own configurations, with as many keys, certificates and data types as you need. Or, simply tell us which services you want to connect to and we’ll take care of everything else. We’ll provision the necessary device keys and certificates, and even register your device identities with your chosen cloud service(s).
More Than Strong Security—A New Level of Flexibility
While the EdgeLock 2GO cloud service ensures safe onboarding and credential maintenance, it also delivers new levels of flexibility in terms of how devices interact with the cloud, when device configuration happens, and how many real-world use cases they support.
With NXP EdgeLock 2GO supporting their deployment, device manufacturers have the confidence that their devices are protected by high-level security, while also finding new ways to reduce time-to-market and lower the day-to-day costs of operating an IoT deployment.
Download the White Paper
Our new white paper, titled “Delivering Trusted IoT Connected with the EdgeLock 2GO Platform”, looks at the question in more detail, and explains how NXP’s approach to IoT protection creates a comprehensive approach to reducing IoT exposure to security risks. Find out more at www.nxp.com/EdgeLock2GO