IoT: device management and security are crucial

IoT: device management and security are crucial
(Image credit: Shutterstock)

The tipping point for Internet of Things (IoT) development has arrived, as more companies design solutions to help them mine new sources of valuable data to transform their enterprises. A recent Economist Business Unit report found that nearly 60 percent of companies are using IoT technologies and a similar percentage are seeing much better-than-expected return on investment.

About the author

David Maidment, director, secure device ecosystem at Arm.

Yet the Economist report also revealed some frustrations about the pace of progress in IoT development as companies seek to speed their time-to-value. Some of this is tied to lingering concerns about security; in other cases, there’s evidence that design and deployment is slowed by the sheer complexity of IoT development today. Billions of connected devices require provisioning, management, monitoring and security for which today there isn’t a standardized development flow or methodology.

There are vastly different approaches and diverse choices in hardware and software, with multiple device vendors to manage. There’s the risk of supplier lock-in with hardware and with cloud services, be they public, private, on-premises, or a hybrid. There are different device types: constrained, ultra-constrained, resource-rich, edge gateways and mainstream devices and different approaches to connectivity.

Let’s take a closer look at some of the challenges that need to be addressed.

Lots of data, lots of risk

The sheer volume, velocity and variety of data need to be considered. This explosion of hardware devices means that IoT data volume is growing much faster than bandwidth is to the cloud. Consider just one use case: In the future, Arm anticipates 500 million high-definition (HD) image sensors will produce 300 exabytes of data per month.

Additionally, the rapid growth of IoT expands the potential attack surface for malicious actors, which means poor security can lead to disastrous economic effects for companies.

This IoT data is often distributed across regions and systems and siloed across organizations. To deliver value, it must be unified, analyzed, secured and interpreted in the context of other data sources — a complex task given the spread and deployment of devices and disparity of data types.


The noted security analyst Brian Krebs has said, “If what you put on the Internet has value, someone will invest time and effort to steal it.”

IoT data must be trustworthy and reliable, but there are many ways for data to be compromised. We’re all well aware that security can be compromised by external, malicious forces. For example, there has been a 300% increase in malware loaded onto IoT devices and a 600% increase in IoT device attacks. Shockingly, there will be an estimated $6 trillion in damage linked to cybercrime by 2021.

Then there’s the risk of violating government guidance, standards and law. Companies will need to comply in the countries they want to sell in, otherwise they could find themselves shut out of some markets, fined, or both.

IoT development: Blocking and tackling

Operational challenges abound from the beginning of the IoT journey to its end. For example, how do you efficiently roll out hundreds of thousands or even a million devices in a timely manner? Once up and running, device firmware and IoT application software will need to be updated – possibly multiple times – during the course of the device’s life. Additionally, the device should be monitored against established baselines. 

This creates the environment for an early warning system that can highlight possible software bugs or security exploits. Devices also may experience an “upgrade” during their life cycles, as new capabilities may be activated and enabled over-the-air, based on needs and business cases.

Ownership changes require re-assignment of control, and at the end, devices need to be decommissioned and brought to end-of-life in an efficient manner.

These development and deployment challenges are prompting companies to re-examine how they allocate resources more efficiently. For example, only 15% of overall IoT systems development time is IoT application development. But a full 30% is device-management issues (provisioning, onboarding, and updating devices and systems), while 40% is taken up by developing the device stacks. These tasks can be very tedious, and IoT expertise in organizations is limited today.

One of the most important aspects of any IoT system is connectivity, but today assessing the right path can be difficult because connectivity options can be fragmented. IoT devices are being deployed globally and in diverse applications. For reliable data collection, the devices must be cost-effectively and securely connected on different types of networks. Flexibility and choice are key, whether it’s a type of cellular connection (2G-5G) or having to deal with both IP and non-IP communications protocols (Wi-Fi, Wi-SUN, BLE, Ethernet, etc.).

Four pillars of IoT effectiveness

This is the world of complexity that companies can confront as they embark on their IoT journeys. But solutions are emerging to take the pain and much of the effort out of this.

Each IoT project needs a firm security foundation upon which to launch. This if the first of four key pillars upon which to start your IoT journey. For example, “PSA Certified” is an industry-endorsed framework and certification program for making more secure, connected devices. It guides risk analysis and technology choices for both hardware and software. Teams can use the PSA Certified methodology to analyze and evaluated assets and assess security threats. It also enables them to architect and implement security solutions based on identified security requirements and then certify that products adhere to security requirements.

Three additional pillars are also crucial for any coherent and comprehensive solution – data, device, and connectivity management.

Data management services must deliver a unified view of data to speed visualization and business intelligence insights, which will help optimize enterprise functions, ranging from marketing to asset/supply-chain visibility.

In systems composed of thousands, hundreds of thousands or millions of endpoint devices, device management services must deliver a single view of all devices that helps enabled unified security and unified client abstraction for fragmented device profiles. These type of platform functions can, for example, help improve energy management in systems and devices and help foster predictive maintenance.

And then there is the need for visibility inside each device itself, where both malicious hacking and human programming error can wreak havoc. Effective IoT platforms should be able to collect metrics from connected devices and use them to detect deviations from expected behavior. When problems inside a given device are detected, they may have been caused by human error (such as misconfiguration or a firmware bug) or by malicious activity, such as a cyber-attack.

System administrators can specify expected behavior for groups of devices by means of rules and thresholds for processor utilization, memory usage, active network connections and amount of data sent and received by the device. For example, a user recognizes that a programming error is draining the battery life of deployed devices. A variation could be a memory leak that is causing data to be lost and/or device restarts. The customer then patches the faulty software and performs another update to resolve the issue.

The last pillar, connectivity management services, must provide one view of networks for operators of IoT ecosystem in various geographies around the world – a unified identity that can deliver ML-enabled analytics to help optimize, for example, supply chains or build occupancy.

Rubber, meet road

At 165 billion deployed Arm devices and counting, we’re well on the road to a trillion connected IoT devices by 2035. But in getting there, we’re encountering a level of complexity we’ve not yet experienced. Device, data and security management takes the stress, cost and risk out of setting up an IoT system. 

A platform-based approach can help address:

  • Vast and diverse device types that require remote management and device-level security
  • Fragmented connectivity options that require light-touch management, so devices can be cost-effectively connected on different types of networks
  • Distributed, diverse and siloed data that must be unified, analyzed, and interpreted in the context of other data
  • IoT data reliability as data travel from devices to analytics or visualization tools. IoT requires a comprehensive device-to-data approach to security.

IoT’s tipping point for adoption is here, but we need remove the barriers that are giving some companies pause as they navigate their journey. Companies need to accelerate time-to-market and be flexible enough to lower costs and explore new business models. But they also need to get security right because the risks to brand reputation and the bottom line are just too great.

David Maidment

David Maidment is the Director Secure Device Ecosystem at Arm. He is a technologist specialised in the internet of things (IoT). His role is to secure the next one trillion connected devices, from end point to cloud with the help of the Arm Platform Security Architecture (PSA) framework.