IoT's lesson from PCI: Commercial motivation is Crucial | Cypress Semiconductor

This is part two of What IoT can learn from the Payment Card Industry

We ended part one discussing the IoT industry’s need for managing costs associated with security, and how the payment industry addressed this through normalization. However, IoT application and infrastructure fragmentation is much greater than in the homogeneous PCI market. Each component of a total IoT product – cloud platform, connectivity, end application – has multiple variations. AWS or Azure? Wi-Fi or LTE? Thermostat or Smart Speaker? These variations make it difficult for a normalizing effort for security to emerge. However, there are early signs that progress is being made.

One example of a normalizing force is government-led legislation and policies. In the US, California has made the first move with the California Consumer Privacy Act (SB-327). Similar legislation is being put forth in at least nine other states (as of this writing), adding to the momentum. In Europe, the EU and the European Telecommunications Standards Institute (ETSI) both have active initiatives that are attempting to address end-user privacy.

Industry-led initiatives also have a normalizing effect. One of the more visible efforts is the Platform Security Architecture (PSA) initiative. It is safe to say that the vast majority of IoT devices today incorporate at least one Arm processor. As such, Arm is leading this initiative to make security implementation easy and cost effective for devices that use their processors.

Cypress welcomes these normative efforts. They increase consumer awareness, and they serve to offer commercial motivation in the form of legal compliance and operational expense efficiency. This is important because normative efforts must address commercial motivation to be credible, and therefore to be effective.

These efforts are still taking shape. So, what can a secure IoT solution provider like Cypress offer in the meantime? Our approach is to provide an embedded security foundation that aligns to the commercial motivations that these efforts present. Specifically, this means:

  • Providing supply chain cost efficiency by offering standard, off-the-shelf secure devices with customization occurring later in the supply chain. This eliminates the costs of special handling and customized product inventory prior to devices being purchased. In addition, provisioning occurs as an extension of programming. All MCUs with embedded Flash require programming, and bear supply chain overhead to do so. Sharing this overhead with provisioning extracts efficiency.
  • Supporting any cloud. Maintaining control over data privacy is essential and depends upon managing device and network integrity. Secure device management is a critical capability that tends to have implementation dependencies on the cloud platform, including proprietary platforms. Flexibility is an important enabler for competitive differentiation.
  • Using standardized embedded secure services, which are available for the embedded system and enable design reuse, along with standard APIs for secure cloud applications such as firmware update. This secure-by-design approach yields efficiency for engineering, network operations, and legal compliance.

More specifically, Cypress is tackling this issue with solutions based on our PSoC 64 Secure MCUs. PSoC 64 based solutions have been developed with the entire IoT device lifecycle in mind, and therefore, specifically provide the benefits that align to the normative efforts that are underway.

We’re still a long way from the finish line, but Cypress is committed to the cause – your cause! We’ll always be there for our customers and ecosystem partners to ensure their products meet the latest security standards while also aligning to the commercial.
