Last updated on April 26, 2018 by Dotsquares
The ever-growing concerns over connected devices has made many cyber security firms, as well as the organizations associated with IoT, very anxious. Additionally, the lack of proper regulations for measuring the associated ROI with security investments, is curbing the growth of innovation in its field.
In order to solve these long-existing issues, the long-standing front-runner in the OS market, Microsoft, has made some remarkable announcements at this year’s RSA Conference in San Francisco.
A Complete IoT Security Platform
One of the announcements that has gathered huge attention is the revelation of its innovative cloud security system, or service that goes by the name Azure Sphere.
This new system encapsulates the entire IoT ecosystem; creating a singular and lasting security measure against all the possible cyber attacks. This new strategy involves the amalgamation of ameliorated devices (Azure Sphere certified micro controllers), security network (Azure Sphere Security Service), and interface (Azure Sphere OS) for a more secure network of Internet of Things. It begins with the connection of extremely secure, as well as Microsoft certified, MCUs (micro controller units in IoT devices that control their processing and memory) with application processors (MPUs). It is noteworthy, that a large number of MCUs are being deployed every year (9 billion to be exact), making these a tempting target for cyber criminals.
Therefore, the attempt from Microsoft to certify and secure the hardware component, despite not having active participation in the market, is a praiseworthy one. For the purpose, the company has shared the RTL with chip manufacturing companies like NXP and Qualcomm.
The second component of the Azure sphere is the Linux-based operating system, which will be built for the specific purpose of making the connection between devices more secure and agile. The OS will have many more layers of security than what the present OSs controlling the IoT devices have.
The last component of the strategy, which is also the element that makes the proposed strategy have a durable lifetime, is the cloud service that will keep the operating system updated with latest security patches. The service, which will come with a timeline of ten years, is believed to protect the entire ecosystem against all the emerging cyber security threats for a decade at least.
Tools for better cyber security management
Another remarkable announcement made by Microsoft during the conference is about its upcoming tools- Attack Simulator and Microsoft Secure Score.
Attack Simulator, as the name suggests, simulates the probable attacks on a system to test its susceptibilities. The tool will act as a part of Office 365 Threat Intelligence and will allow the security teams to run mock cyber attacks on the system so that they can configure the security settings more appropriately.
The other tool provides a solution for the second most prevailing problem in the cyber security market. As mentioned above, most of the companies don’t have much of an idea about their investments in cyber security. This lack of information is often accounted for the industry’s sluggish growth compared to that of other corresponding markets. Companies, unable to figure out the ROI of their investments in system security often overlook this area, leading to severe cyber attacks that cost them a small fortune.
This is why the announcement of Microsoft Secure Score is taken by many analysts as the real game changer. The tool will simplify the security assessment of organisations, enabling these organisations to cross-compare their scores as well as their position with other similar organisations. The tool will be working on Machine Learning algorithms and will work as the much sought-for benchmark in the cyber security industry, leading to increased and more practical investments in the area.