Beyond The Now IoT Security Podcast | PSA Certified

PSA Certified
  • 5.0 (4)
  • TECHNOLOGY
Beyond The Now IoT Security Podcast | PSA Certified

Beyond the Now is an IoT security podcast, brought to you directly from the technology ecosystem. Your host is David Maidment, Senior Director Secure Device Ecosystem at Arm (a PSA Certified founder). He brings over 25 years of experience in the embedded and connectivity industry. In this podcast, David speaks to industry leaders from across the tech sector to discuss their views on the past, present and future of IoT security. In each episode, we dial in on the challenges businesses and consumers face to secure the future of the IoT to create a safer more connected society.

  1. 15/02/2022

    Secure by Default with Microsoft: “Without IoT security people will be reluctant to innovate.”

    In our second #beyondthenow podcast episode with Microsoft, we take a deep dive into IoT security with Eustace Asanghanwa (Principal Program Manager for Security, Azure IoT, Microsoft). Eustace and David explore IoT security challenges, what we mean by a secure by default approach, and the benefits of protection profiles. They also discuss Microsoft Azure's PSA Certified Level 1 certification, how it is helping to facilitate better collaboration with the ecosystem, and why we need to see more cohesion between different security certification schemes. Introductions to Eustace and Microsoft. [01:24] The Azure RTOS is PSA Certified Level 1 and how this addresses the ‘trilemma’ of IoT security. [03:56] PSA Certified is also helping to facilitate collaboration between the AzureRTOS and the ecosystem. [06:56] People value IoT security but they don’t always know what it means. [09:41] Securing the IoT will encourage new innovations [10:44] The autonomy of IoT devices is removing the ‘human companion’ and the IoT security protection that provides. [12:01] What is a ‘secure by default’ approach to security? [16:11] A Secure by default approach enables a threat modeling mindset. [17:08] When you design-in security you need to consider the product’s entire lifecycle. [18:52] People are willing to invest in IoT security because they understand the value of the IoT and digital transformation. [22:10] Securely deploying the IoT requires an ecosystem approach. [23:00] It's unrealistic to expect system integrators to become experts in all areas of IoT development and deployment. [24:53] As an ecosystem, we need to work together on the solutions to reduce the burden on system integrators. [26:29] Microsoft Azure’s Blueprint approach to IoT security. [27:39] Confidential Compute and the edge. [31:47] Protection profiles help us to answer the question ‘Is this device secured?’ [33:21] Protection profiles create a baseline of requirements for specific devices to be secured. [36:20] Multiple certifications help us target security at different levels of granularity. [39:36] We expect to see a more cohesive composition between IoT security certification schemes that target different functionalities and markets. [41:27] Eustace’s predictions for the IoT in 5 years’ time. [46:02] Blockchains might lower the cost of security infrastructure. [49:01] Eustace’s top piece of IoT security advice. [50:26]

    54 min

  2. 15/02/2022

    Digital Transformation, Digital Twins, and the Metaverse with Microsoft

    In the first of two #beyondthenow podcast episodes with Microsoft Azure, we explore the wider impact of the IoT and digital transformation on businesses, setting the scene for the importance of security. Tony Shakib (General Manager, Azure IoT, Microsoft) sits down with David to discuss why digital transformation is becoming a necessity, how the IoT is helping fuel a more proactive business model and why security should be part of the core fabric of your solutions. Introduction to Tony Shakib (General Manager, Microsoft Azure IoT). [01:18] What are the main industries that Microsoft are working with on their digital transformation journey? Industrial IoT, Smart Cities, and Connected Healthcare. [03:01] The three phases of digital transformation: connectivity, context, connected ecosystems. [05:29] Digital transformation results in operational efficiency but also allows you to grow your business in new ways. [09:09] What are digital twins? [11:43] The IoT is fueling a more proactive business model. [14:17] The IoT is helping build the industrial metaverse. [15:47] Businesses are realizing that digital transformation is no longer optional. [17:25] Microsoft take a zero-trust approach to IoT security and their IoT security solutions. [20:30] Legacy devices are one of the biggest challenges for those starting their digital transformation journey. [23:21] Tony’s predictions for the IoT landscape in 5 years’ time. [26:01] Edge compute and cloud compute are equally important. [28:51] Tony’s advice for the listeners: Utilize the existing guidance on IoT security to better understand the nuances of IoT security your industry. [30:07]

    32 min

  3. 30/11/2021

    IoT Security at the Edge with Eurotech: “Security is not just a concern. It’s a barrier to adoption”

    In the first episode of series 2 of the #beyondthenow IoT security podcast, David is joined by Marco Carrer, CTO of Eurotech, to examine the emergence of edge devices. They discuss what we mean by edge devices, the crucial role the edge is playing across all industries, and the challenges of edge device security. We also discuss the benefits of industry collaboration and how IoT security frameworks are bridging security knowledge gaps.  · Introductions to Marco Carrer and Eurotech. [01:01] · What do we mean by the edge and edge devices. [03:20] · Why have edge devices been developed? What is driving compute closer to the data source? [4:13] · Edge devices reduce our reliance on the cloud but the application will decide how much computing power you need at the edge. [06:27] · Do edge devices still have a relationship with a data center? [07:44] · What kind of industries are adopting edge technologies? [10:24] · How the edge is enabling the merging of IT and OT in the Industrial IoT space and how this complicates security further. [12:15] · The PSA Certified 2021 Security Report found that a lack of expertise was a major barrier when implementing IoT security, with that in mind how do customers describe their IoT security requirements to a company like Eurotech? [14:48] · We’re in a transition phase where early adopters are keen to implement IoT security, but many people are still holding back. [16:07] · The importance of industry collaboration to provide IoT security collaboration. [16:48] · How IoT security frameworks are helping Eurotech and their customers understand their security requirements. [17:39] · IoT is fragmented even beyond security with many different architectures, protocols, and deployment scenarios. [19:10] · IoT security needs to be embraced by the entire business, not just the engineering teams. [20:02] · We need collaboration from the entire ecosystem, even those who are traditionally seen as competitors. [21:24] · What do you think the IoT landscape will look like in 5 years?: The emergence of edge workload consolidation. [23:31] · How edge workload consolidation will increase IoT security adoption. [25:19] · What advice would you give listeners when it comes to IoT security? [26:40]

    30 min

  4. 07/04/2021

    SMB Cybersecurity Challenges: “Collaboration is our greatest armory”

    In this podcast, David is joined by Dr. Sally Eaves, Senior Policy Advisor for the Global Foundation of Cyber Studies & Research and CEO of Aspirational Futures. Sally and David examine the impact Covid-19 has had on both our professional and personal lives and the crucial role security has played in this adaption. They also discuss how the narrative around security must change and the key role collaboration plays in the future of IoT security. ·  Introduction to Sally Eaves. [1:05] ·  Technology as a cause for good. [2:32] ·  The emergence of hybrid models over the last 12 months in all aspects of everyday life and the impact this has had on IoT security. [3:18] ·  Has COVID-19 raised the awareness of the cyber threat? [7:16][SS1] ·  Companies are changing how they approach digital transformation and IoT security: CFOs, CEOs and CTOs are leading security discussions and acting as positive agents of change. [9:30] ·  The role the tech industry has in improving cyber-security education. [12:09] ·  “Security has to be embedded in every aspect of organizational strategy”. [13:28] ·  The PSA Certified 2021 Security Report: is it a surprise that smaller companies are struggling to implement best practice security? [14:22][SS2] ·  The growing security skills shortage and addressing misconceptions surrounding IoT security access and cost. [17:08] ·  5G and other emerging technologies offer a wealth of possibilities, but this needs to be underpinned by robust security infrastructure. [21:12] ·  What are the biggest challenges for CTOs and CIOs on the digital transformation journey? [22:46] ·  The importance of changing the narrative around security- it's a differentiator that can enable the future of your organization and should be embedded into the DNA of every business. [25:18] ·  What is the future going to look like in 5 years’ time? The power of collaboration as a positive contagion of change for security and climate change. [27:18] ·  Bridging the gap between the perceptions of IoT security and the realities: “collaboration is our greatest armory”. [29:12] Sally’s main piece of advice for companies when approaching IoT security: your security strategy needs to be “holistic, flexible and scalable”.  [31:07] Prof. Sally Eaves is Senior Policy Advisor for the Global Foundation of Cyber Studies & Research and CEO of Aspirational Futures which enhances inclusion in education and technology. A highly experienced Chief Technology Officer, Professor in Advanced Technology and Global Strategic Advisor, Sally is an Author and Speaker on Digital Transformation (Cloud Computing, Cyber Security, 5G, IoT, IIoT, AI, ML, Blockchain), Culture, Skills, Sustainability and Social Impact. LinkedIn Twitter

    35 min

  5. 16/03/2021

    Predicting the Future of IoT security: “When our customers have the requirements, we need the silicon to be ready.”

    In this podcast, David is joined by Mike Dow, Senior Product Manager, IoT Security at Silicon Labs. Mike and David talk about changes in the semiconductor industry over recent years, including emerging regulations and more sophisticated attacks that target end nodes. Mike provides the silicon vendor perspective, discussing the critical role they play in setting the foundation for IoT security and the importance of looking to the future when designing products to meet customer requirements. ·  Introductions to Mike Dow [00:45] ·  Introductions to Silicon Labs [02:00] ·  Where are we with security? Are customers asking for security? [03:30] ·  Where is the pull for security coming from? The IoT regulations mean you can’t ignore security [04:20] ·  We’re moving from ignoring security, to being actively concerned about the role it plays for a business’ success [05:45] ·  The change in IoT security over the last two years [06:25] ·  What this change means for semiconductors: more things to worry about [07:30] ·  The role of the Root of Trust for semiconductor vendors: the “brain of the device”, the secure boot process and why this is important [08:15] ·  Do OEMs have an appreciation for the Root of Trust and what it offers them? [10:15] ·  Silicon Labs are the world first to achieve PSA Certified Level 3. The role of remote attacks vs. physical attacks and why it is important to protect against both [11:35] ·  The sophistication of the attacks will grow over time and we must be ahead of the game [14:18 ] ·  The time delta between creating a silicon product and that product being in the market is quite large: so we essentially have to predict the future [15:22] ·  Looking five years ahead, staying ahead of where the world is moving. How much can you patch later? The role of updatable security subsystems [16:22] ·  You must start with good quality silicon, or everything unravels [18:24] ·  IoT deployment models and the long lifecycle of IoT, especially for embedded sensors [19:03] ·  If the premise is that that the crooks will always find a way, and always find a hole, then a good engineer will always build in a mechanism to update [19:57] ·  Why update policies are suddenly very important [20:40] ·  PSA Certified Security Report 2021 and the feedback from the industry on cost, the view on cost from a silicon vendor point of view? [22:37] ·  The state of the nation of certification on IoT and what we need to overcome: inheriting certification and “crowdsourcing” certifications to avoid choking the ecosystem [27:00] ·  Mike’s advice for the future of IoT: consolidating requirements and protection profiles [34:22]

    41 min

  6. 18/02/2021

    IoT Devices and the Cost of Cybersecurity with Flex: "Security is as necessary as the device power supply"

    In this podcast David is joined by Dr. Juan Nogueira, Senior Director of Connectivity Center of Excellence, from worldwide ODM, Flex. They have a fascinating discussion about how Flex approach security and why there is always space in the bill of materials for security. They also talk about how ODMs are not only creating IoT, but also embracing IoT – it’s one not to miss! Dr.  Nogueira is Sr. Director for Connectivity in the Global Technology Team at Flex. In this role he is defining technology roadmaps, evaluating new innovative solutions, establishing strategic collaborations with partner companies and leading internal research programs in the field of wireless communication. Prior to working at Flex, he was Lead System Architect of Advanced Development and System Architectures first at Robert Bosch GmbH and then at Bosch Connected Devices and Solutions GmbH (BCDS) in Reutlingen (Germany). In this position he defined the connectivity technology roadmap that later concluded with the foundation of BCDS as the Bosch subsidiary focused in connectivity and IoT. Before that, he worked in corporate R&D for wireless communication and sensing systems at Sony Corporation in Stuttgart (Germany) where he held the positions of Senior System Engineer and Principal Engineer. Dr. Juan Nogueira holds a PhD in Telecommunications Engineering from the University of Vigo (Spain). He subsequently became an associated professor at the University of Vigo in the Electronic Technology Department, collaborating with industry on projects in the area of industrial field buses. He has written numerous articles and holds 20+ patents in the area of communication protocols, wireless sensor networks and IoT. 1.03: Introduction to Flex and their role in the IoT industry. 5.15: Is security a growing concern with Flex’s customers? 5:40: Why it’s easy to overlook IoT security in the construction industry. 6:28: Security isn't just for high value assets, time is money. 7:56: The business cost of failure when things go wrong? 8:50: Educating customers on IoT security. You cannot just assume thing are secure in IoT. 9:19: Flex’s proactive approach to IoT security. Demonstrating security credentials, adding credibility. 10:20: Introducing the PSA Certified 2021 Security Report: cost is still an issue for OEMs and the main concern for customers. 13:15: There is always room in the Bill of Materials (BOM) to compensate for the additional cost of security, it’s just as necessary as your power supply. 16:28: All markets must consider security, the high-impact industries are leading the way. 18:11: Relationship between IoT, security and machine learning in the edge. 20:10: Flex are not just creating IoT, but also embracing IoT to benefit from AI and digital transformation. 21:50: Opportunities for production lines, and the challenge of technical debt/retrofitting existing machinery, so machines can benefit from digital transformation too. 24:10: The IoT landscape in five years time – IoT will feel like “everyday normal.” 5G will be deployed in both public and private networks. 26:58: Juan’s advice for device security implementations now to secure tomorrow.

    30 min

  7. 06/01/2021

    IoT Software Security with AWS: IoT Security Relies on the Cloud to "prevent scalable attacks"

    Richard Barry joins David to talk about the role of the RTOS in IoT, the increasing complexities that need to be considered when connecting devices to the internet and how security must be a mindset from the beginning of product development. The discussion also covers the coordination of device-side and cloud-side security to look at patterns from a fleet of devices and prevent scalable attacks. Minutes: Introducing Richard Barry and the FreeRTOS project [00:57] Breaking down what an RTOS is [2:04] Real-time use cases – the variety of real-time requirements [4:10] The increase in remote accessibility and the security challenges it brings [5:40] RTOS as the undifferentiating factor in devices [6:48] Internet connectivity and the increasing security complexities it brings [8:10] The role of Amazon in FreeRTOS - making development as quick and secure as possible [9:18] Knowledge gaps in a multi-disciplinary IoT [10:50] The relationship between the RTOS and Root of Trust [13:22] Reference integrations and standardized interfaces to ease the porting to hardware security [14:28] Developer security expertise – the challenge of new concepts, terminology and requirements [15:55] Practical challenges that come with scale [17:35] Developer considerations for lifecycle security [18:40] The importance of demonstrating and educating best practice [19:26] Awareness of the consequences of getting it wrong, the increased legislation and, inevitably, the increased use of the Root of Trust [21:36] The importance of security being the mindset from the beginning [22:37] Evolution of Open Source projects – being driven by market requirements, enabling scalability [23:30] Building confidence in FreeRTOS, with backing and credibility from Amazon [24:30] Simplifying the FreeRTOS software – making it smaller and decoupled to suit the diversified use cases [25:11] Futureproofed strategy for developers – reuse undifferentiating factors [26:42] Coordinating cloud and device security to prevent scalable attacks [27:33] Learn more about PSA Certified www.psacertified.org

    31 min

  8. 15/12/2020

    Cybersecurity Risk Management with Munich Re: "Building-in surety and confidence"

    This podcast takes a slightly different format as we host a panel session as David joins Peter Armstrong, Cyber-insurance expert at Munich RE and Duncan Jones, Senior Product Manager at Pelion.  Peter provides a fresh perspective into the industry and how insurance companies model the risk of the IoT. We discuss where the liability lies and Peter describes how companies can build trust into their products and drive adoption of the IoT at scale with surety, confidence and the backing of insurers. [1:05] introductions to the panellists [2:39] An insurers view on digital transformation, and how new hyperconnected devices are impacting the insurance world [4:25] The evolving portfolio of risk and supply chain responsibility [5:25] Understanding liability across the value chains involved in delivering IoT services [6:05] The importance of the Root of Trust in enabling the trusted deployment of technologies [6:30] The opportunity for insurers from digital transformation [7:35] Broadening the thinking about IoT products to data and services [8:40] Digital transformation across industries - a mass deployment of devices beyond the traditional IoT model [9:30] New technologies driving digital transformation - An individual product has to be trusted. [11:25] Customer challenges, building business applications high up the stack [12:01] With scale of the IOT, we can't scale the expertise to secure these solutions [12:26] Realizing the true potential of the IoT [13:30] An overview of the insurance market, the role of capital availability and trust [14:55] Confidence in the 'worst case scenario' and the challenges this brings for cyber-risk [16:42] The importance of surety and confidence in the embedded processes and devices [17:24] The role of the Root of Trust in modeling quantified risk, minimizing the front-end variables with sufficient transparency [18:30] Challenges that come with scaling the IoT [19:37] Building trust in data to base business decisions upon [20:03] Regulation and standardization: a help or a hinderance? [22:00] The responsibility from chip to OEMs to show compliance locally but ship globally [24:15] The need for a framework and infrastructure for a black and white view of responsibility [24:35] The geographic challenges for insuring the IoT [26:00] Responding to nuance and guidance over mandated views [26:29] The technology industry needs to lead and embrace the requirement for compliance in this evolving environment. [27:00] Final pieces of advice from the panellists to embrace digital transformation with surety and confidence. Useful Links: Explore this topic further in our blog Learn more about Munich RE: https://www.munichre.com/en.html Learn more about Pelion https://pelion.com Learn more about PSA Certified www.psacertified.org

    31 min
See All (15)

Trailer

Ratings & Reviews

5
out of 5
4 Ratings

About

Beyond the Now is an IoT security podcast, brought to you directly from the technology ecosystem. Your host is David Maidment, Senior Director Secure Device Ecosystem at Arm (a PSA Certified founder). He brings over 25 years of experience in the embedded and connectivity industry. In this podcast, David speaks to industry leaders from across the tech sector to discuss their views on the past, present and future of IoT security. In each episode, we dial in on the challenges businesses and consumers face to secure the future of the IoT to create a safer more connected society.

Information

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada