To solve IoT security, look at the big picture, ARM says
ARM's new mbed Cloud for device management is part of its IoT strategy, and so are server and network chips
By Stephen Lawson
PCWorldOct 27, 2016 11:16 am PDT
The recent DDoS attacks launched from IoT devices demonstrate that the internet of things spans all parts of IT and that most companies deploying it still need a lot of help.
That’s the message from ARM, the chip design company behind nearly every smartphone and a big chunk of IoT, at its annual TechCon event this week in Silicon Valley.
Small, low-power devices like sensors and security cameras are the most visible part of IoT, and they’re right in ARM’s wheelhouse as the dominant force in low-power chips. But on Wednesday, the company highlighted a cloud-based SaaS offering rather than chips or edge devices themselves. IoT depends on back-end capabilities as much as edge devices, and the company wants to play a role in all of it.
The SaaS platform, called mbed Cloud, handles device connection and setup, encryption-key provisioning, and firmware updates. Anyone selling IoT devices or deploying them across an organization can use mbed Cloud for any or all of these functions, ARM says. With some extra work, it can serve non-ARM devices, too.
In recent DDoS attacks, hackers built botnets out of thousands of connected devices. Making them vulnerable were default passwords that were the same on every device, letting attackers take over the devices. So it’s clear that some IoT manufacturers need help locking down products and keeping them secure, ARM executives said.
“It’s no longer just a matter of ‘build a product, throw it over the wall, and let the consumer deal with it,’” said Michael Horne, vice president of marketing and sales in ARM’s IoT division. The mbed Cloud service provides for individual device authentication and ongoing security updates to defend against new threats.
Whether they make baby monitors or jet-engine sensors, many IoT device vendors need outside help on security, IDC analyst Shane Rau said. IoT evolved from specialized, isolated devices built for vertical industries, with no provision for security. Now developers are looking outside their own fields for general features like security. ARM is in a good position to provide those, through offerings like mbed Cloud, because its designs are at the heart of so many embedded chips, he said.
“You can reinvent the wheel, or you can use this,” ARM CEO Simon Segars told reporters at the conference. “We think we can help defragment what is otherwise going to be an incredibly fragmented — and probably weaker as a result — set of solutions.”
IoT is ARM’s rallying cry as it marches forward from its recent acquisition by Japanese conglomerate SoftBank. It will use its newfound resources to accelerate development in several areas, key among them being IoT and security, Segars said.
Embedded processors are a fast-growing part of its business, which includes about one-half smartphone chips today.
But ARM’s IoT strategy encompasses more than those billions of devices, Segars said. IoT also involves the servers that crunch the numbers streaming out of those devices and the networks that link the two. ARM-based chips are already widely used in networking. An end-to-end architecture based on ARM chips will help the company make inroads into the server business, where it’s had a hard time gaining a foothold, he said.
The company’s new owner, SoftBank Chairman Masayoshi Son, has said IoT was his main reason to buy ARM. Son meets regularly with ARM management and is on board with its strategy, Segars said. “He completely trusts us to get on with business.”