IoT’s lesson from PCI: Commercial motivation is Crucial | Cypress Semiconductor

This is part two of What IoT can learn from the Payment Card Industry

We ended part one discussing the IoT industry’s need for managing costs associated with security, and how the payment industry addressed this through normalization. However, IoT application and infrastructure fragmentation is much greater than in the homogeneous PCI market. Each component of a total IoT product – cloud platform, connectivity, end application – has multiple variations. AWS or Azure? Wi-Fi or LTE? Thermostat or Smart Speaker? These variations make it difficult for a normalizing effort for security to emerge. However, there are early signs that progress is being made.

One example of a normalizing force is government-led legislation and policies. In the US, California has made the first move with the California Consumer Privacy Act (SB-327). Similar legislation is being put forth in at least nine other states (as of this writing), adding to the momentum. In Europe, the EU and the European Telecommunications Standards Institute (ETSI) both have active initiatives that are attempting to address end-user privacy.

Industry-led initiatives also have a normalizing effect. One of the more visible efforts is the Platform Security Architecture (PSA) initiative. It is safe to say that the vast majority of IoT devices today incorporate at least one Arm processor. As such, Arm is leading this initiative to make security implementation easy and cost effective for devices that use their processors.

Cypress welcomes these normative efforts. They increase consumer awareness, and they serve to offer commercial motivation in the form of legal compliance and operational expense efficiency. This is important because normative efforts must address commercial motivation to be credible, and therefore to be effective.

These efforts are still taking shape. So, what can a secure IoT solution provider like Cypress offer in the meantime? Our approach is to provide an embedded security foundation that aligns to the commercial motivations that these efforts present. Specifically, this means:

  • Providing supply chain cost efficiency by offering standard, off-the-shelf secure devices with customization occurring later in the supply chain. This eliminates the costs of special handling and customized product inventory prior to devices being purchased. In addition, provisioning occurs as an extension of programming. All MCUs with embedded Flash require programming, and bear supply chain overhead to do so. Sharing this overhead with provisioning extracts efficiency.
  • Supporting any cloud. Maintaining control over data privacy is essential and depends upon managing device and network integrity. Secure device management is a critical capability that tends to have implementation dependencies on the cloud platform, including proprietary platforms. Flexibility is an important enabler for competitive differentiation.
  • Using standardized embedded secure services, which are available for the embedded system, enables design reuse, and standard APIs for secure cloud applications such as firmware update. This secure-by-design approach yields efficiency for engineering, network operations, and for legal compliance.

More specifically, Cypress is tackling this issue with solutions based on our PSoC 64 Secure MCUs. PSoC 64 based solutions have been developed with the entire IoT device lifecycle in mind, and therefore, specifically provide the benefits that align to the normative efforts that are underway.

We’re still a long way from the finish line, but Cypress is committed to the cause – your cause! We’ll always be there for our customers and ecosystem partners to ensure their products meet the latest security standards while also aligning to the commercial.
