Development of Internet of Things (IoT) technology entails more focus on software security.
“How will software security be handled in production, operation and service for our product? This is a question that is increasingly coming up in discussions with companies with industrial and consumer products that want to fully utilize the benefits of Internet of Things technology,” says Mads Doré Hansen at Prevas.
This however, is not a question that can be all that easy to answer because it depends on the desired security level, the capabilities that the product’s hardware and software provide, how the service organization is structured and so forth. It is a big question that requires the establishment of specifications and conducting pilot studies to identify the boundaries between production, service, organization and technology – all to find the solutions that best meet the security challenges facing product owners.
“It’s Prevas’ experience that customers’ demands for a higher level of security will increase at the same time as legislation will become more stringent, and here Prevas can help make the difference with our expertise, size, experience and methodology,” says Mads Doré Hansen.
On the production side, positions must be taken on the generation of security keys, administration and downloading. It is important to decide on the desired level of security within the organization, since it is there that the greatest risks to security exist for the entire product portfolio, and not just for individual products.
Operational security for a product is often associated with secure boot, secure update and network security. There are many standard software components here that can be employed, but they must be correctly used to avoid opening security holes. At the same time, product security cannot dampen the user experience of the product. This means that balancing of the encryption method and implementation suddenly becomes very important.
“When it comes to service we cannot ignore the fact that security can make work more difficult for service technicians,” says Mads Doré Hansen from Prevas. “A ‘shared’ service key for all products simplifies service but always constitutes a security problem. This is why the consequences of a security infrastructure that makes work easier for service technicians must be carefully considered.”
These and many other considerations have become routine for Prevas over the years, which has built up extensive expertise in the field and is constantly providing advice to industrial companies in cryptography and security for both industrial and consumer products.
For more information and follow-up
Björn Andersson, Business Developer, Prevas AB
E-mail: firstname.lastname@example.org, Phone: +46 21 360 1933
Henrik Møller, CEO, Prevas A/S
E-mail: email@example.com, Cell: +45 29 499 202
Søren W. Mathiasen, Sales & Marketing, Prevas A/S
E-mail: firstname.lastname@example.org, Cell: +45 20 997 601