Improving IoT Security in the Connected Economy

Image for post
Image for post

A Q&A with Philip Attfield, CEO of leading IoT Security Firm Sequitur Labs

Please tell us more about yourself?

I’m Philip Attfield, CEO of Sequitur Labs Inc. I have more than 25 years of experience in computing, networking, security and systems modeling at both large and small enterprises. I began my career at Nortel where I was a member of the scientific staff, developing software tools and in-house products for modeling, synthesis and verification of telecom and network equipment hardware. I later founded Signal 9 Solutions, which pioneered PC/desktop firewalls and created the Conseal brand of security products. At Boeing, I led the team responsible for the development of large-scale security policy and management framework. I’ve served in a number of high-profile roles in the field of digital forensics and am a frequent keynote speaker at international security conferences.

What is Sequitur Labs’ mission and what unique products/solutions do you provide?

Sequitur Labs is a software company developing and commercializing revolutionary technologies to improve embedded device and system security, manageability, and trustworthiness in the connected economy. Sequitur helps device OEMs reduce the cost and complexity of implementing security correctly by providing packaged software as a product. Sequitur’s software leverages advanced, on-chip hardware security technologies to deliver high-value strong security, economical and accessible security solutions.

Sequitur’s software solutions are critical security enablers for a large, worldwide market of device makers that need strong security but cannot afford the in-house expertise. Sequitur’s business approach includes demystifying and driving down the cost of security, simplifying deployment, and messaging the business value of security.

Could you give us a walkthrough of Sequitur’s products and what sets them apart?

The EmSPARK Security Suite was designed to address solutions in industries where embedded security is paramount such as industrial control, building automation, the smart home, machine vision, automotive communication, and medical devices. Built on three pillars of product security — design, build and sustain, EmSPARK provides device manufacturers with the firmware, tools and APIs needed to properly execute IoT protection. Our latest version of the EmSPARK Security Suite provides a robust security framework protecting embedded firmware, keys and security-critical assets through the entire device lifecycle. It enables silicon hardware security features, secure device provisioning, and API access to essential trust services such as secure storage, firmware updates and payload verification.

The EmSPARK Security Suite delivers a host of capabilities, including the integration of OpenSSL with functions secured by ARM TrustZone and preconfigured to use cryptographic functions available processors supporting this technology in hardware. The EmSPARK Security Suite also includes key management functions that form the basis of several secure processes such as trusted boot, storage and authentication with IoT clouds.

This allows developers to focus on building their application and/or device rather than spend time reading through data sheets to configure various hardware components. The result is that they can get their products to market faster.

Having an IoT security solution in place does not guarantee protection against an attack. How does your company offer greater assurance?

Devices secured by the EmSPARK Security Suite help customers reduce the risk and liability associated with IoT deployments. The Suite covers security requirements relevant at various stages of a product’s lifecycle.

We believe that a product must be secured from the time it is manufactured to the time it is decommissioned. This ensures that a company’s intellectual property (IP) is not stolen, the device operates without compromise at any point in its life, and that customer data is protected at all times. Additionally, it ensures that connections with remote systems, such as IoT cloud servers, are secure and tamper-proof.

For example, the EmSPARK Security Suite enables implementing a root of trust, which supports a variety of secure processes such as trusted boot. It creates a dual operating environment because a TrustZone-enabled processor can switch between secure and non-secure states. This allows isolating and separating critical material and data in a hardware secured area, dramatically improving device security. Developers can easily build applications that use secure resources without having to become experts in cryptography and complex hardware security technologies.

Analysts predict the global IoT security space will grow to USD $36.6 billion by 2025. Where do you see the future of IoT going?

With as many as 60 billion smart devices expected to be online in the near future, the likelihood that IoT products, applications and systems are going to be the main points of vulnerability from an organizational security standpoint seems fairly obvious. There are lots of lines of security built into corporate data centers to prevent break-ins and malicious attacks from cybercriminals but not nearly as much effort to secure the devices connecting to those data centers. The greatest obstacle to a future serviced by smart devices is security, including aggressive new variants that attack endpoints at the edge and threaten embedded computing systems.

IoT security is at an inflection point. In-house efforts to address device-level security are difficult and expensive, making it an unattractive option for many manufacturers. But I believe that the success of our industry will be achieved by helping developers build applications that use secure resources without having them having to become experts in cryptography and complex hardware security technologies. IoT will only be successful if device manufacturers and system operators can successfully and economically protect against threats. Working hand-in-hand with a comprehensive IoT security software solution will promote the growth of the industry beyond analysts’ predictions.

Written by

Technology writer for FastCo, Quartz, The Next Web, Ars Technica, Wired + more. Consultant specializing in VR #MixedReality and Strategic Communications

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store