Microsoft Azure Sphere Security Overview

by Juan Mulford
Microsoft Azure Sphere

Today’s world is ruled by digital technology, and the Internet of Things (IoT) plays a prominent role in both our everyday lives and enterprise businesses. IoT is a technology that, simply put, transforms any tech device into a more intelligent one. These are always-connected devices that take advantage of cloud computing to share and analyze data and deliver the required output. Accordingly, IoT manufacturers and application developers are gaining new benefits by doing more compute and analytics on the devices themselves.

The Internet of Things is transforming everyday “things” into an ecosystem that enhances our lives and makes them more comfortable. From a business perspective, a critical benefit of IoT is that it can be integrated into almost all industries because of its wide range of applications. Healthcare, retail, home automation, industry, and transportation are some of the key IoT applications. Whatever the case, businesses are on the edge of being able not only to connect devices to the internet but also to use the potential of their data to provide priceless insights to organizations, improve operational performance, and boost productivity. However, always-connected devices create a two-way street: critical organization products and equipment are put at risk because they are now even more prone to cybersecurity threats.

Microsoft Azure Sphere

While IoT has enhanced human interaction in ways we never required before, an end-to-end solution must still allow us to build and connect a secure device ecosystem. Security is precisely the matter still concerning users and organizations. Since IoT connects all the devices to the internet, the devices become vulnerable to multiple security threats such as lack of physical hardening, software vulnerabilities, data integrity risks, malware and ransomware attacks, poor network visibility, and more. To make sure IT operations remain protected, IoT developers need to keep all these security issues in mind when deploying these modern devices. Given these concerns, large companies and cybersecurity researchers are doing their best to make things better for end consumers. Microsoft, drawing on its decades of experience in hardware, software, and cloud, aims to provide security solutions for IoT devices with Azure Sphere.

Another critical reason to be concerned about IoT data is its integration and management across numerous devices and a distributed architecture. IoT integrates multiple sensors, microcontrollers, communications modules, actuators, and cloud platforms into physical devices. These devices continually communicate with each other and with additional computing devices, including servers, workstations, laptops, smartphones, and the cloud itself. In this interconnected ecosystem, remote actors could alter or monitor not just the digital environment but also the actual physical environment.

Microsoft Azure Sphere, the security solution for IoT devices 

Delivering security properties for the future of connected devices is an integral part of IoT. While organizations may recognize the problem, it can quickly become complicated, since the industry is still maturing. The microcontrollers used in most connected devices existed before IoT, and they can no longer guarantee the security demanded by connected systems. Microsoft has recently released a new solution to face this problem: Azure Sphere. It reached GA a couple of weeks ago, which means that the platform is now ready to match the scale of production deployments. Azure Sphere is a secured, high-level application platform with built-in communication and security features for cross-industry IoT devices.

The Azure Sphere platform integrates three key technical components working as one: a brand-new secured silicon chip, the Azure Sphere OS, and the Azure Sphere Security Service. Together, these components form an end-to-end solution aimed at helping IoT-related organizations make internet-connected devices secure.

Azure sphere components

Azure Sphere certified chips are built by Microsoft’s silicon partners, so they possess the hardware root of trust needed. Microsoft says that, starting in the silicon itself, these chips provide a foundation of security while also providing connectivity and compute power for the devices. Then there is the Azure Sphere operating system (OS), Microsoft’s custom, Linux-based microcontroller operating system that runs on the certified chips and connects to the third component, the Azure Sphere Security Service (AS3). AS3 connects every single Azure Sphere chip with every single Azure Sphere operating system, and works with the operating system and the chip to keep the device secured throughout its lifetime. Together, these three components create and provide a secure software environment for IoT application development.

In addition to hardware, and as if those three components were not enough, Microsoft adds a fourth one: Microsoft’s staff and all their security expertise. With this human component, the company provides ongoing security monitoring, upgrades, and improvements of Azure Sphere devices and the entire ecosystem.

Furthermore, another significant aspect of the Azure Sphere solution is its capability to add protections for older IoT devices via the Guardian Module. Guardian modules provide a way to implement secure connectivity in existing devices without exposing those devices to the internet. These devices are part of Azure Sphere chips and support connections to the AS3 for security checks and automated patching.

Seven properties for highly secured devices

Putting the focus on Cybersecurity Solutions, Azure Sphere was designed based on Microsoft Research’s position on the seven properties required of highly secure devices. The company says that these properties can be easily built into your IoT ecosystem with Azure Sphere.

  • Hardware-based root of trust: This guarantees that a device is running only genuine, up-to-date software before it can connect to the rest of the internet.
  • Defense in depth: More layers of defense make it harder for an attacker to gain access to a device’s most sensitive secrets. More sensitive areas are put behind greater layers of defense.
  • Small trusted computing base: A trusted computing base should be kept as small as possible to minimize the surface that’s exposed to attackers and to reduce the probability that a bug or feature can be used to compromise it.
  • Dynamic compartmentalization: Boundaries between software components can prevent a breach in one component from propagating to others. Dynamic boundaries can be moved and redrawn safely.
  • Certificate-based authentication: Passwords can be the weakest link in many security systems. Certificate-based authentication eliminates the need for passwords to manage a device.
  • Error reporting: Early detection, analysis, and response to errors is critical to stopping threats before they cause significant damage.
  • Renewable security: The ability to deploy ongoing software updates is essential to tightening a device’s defenses and shutting down vulnerabilities.

Early Integration

Last year, Microsoft, in collaboration with Innodisk, introduced one of the first solid-state drives (SSD) built with Azure Sphere, the InnoAGE SSD. Innodisk is a developer of industrial embedded technology based in Taiwan. Technically, the InnoAGE SSD’s custom-designed firmware receives commands from Azure Sphere via a secure connection to Azure Cloud. The device can gather data and provide administration over the cloud. Through Azure Cloud, this end-to-end solution allows Azure Sphere to provide software updates, remote monitoring, data security, analytics, and control. Supposedly, this is the world’s first SSD that has been integrated with Azure Sphere.

Conclusion

As IoT keeps growing in importance for industrial use, businesses also start to take advantage of its benefits. IoT empowers organizations to automate processes and save money on operations. However, as we can connect particular devices in enterprise ecosystems to the internet, cybersecurity threats become a real concern. Seeking to reinforce IoT and its security challenges, Microsoft has been heavily investing in Azure Sphere, bringing a high level of security to industrial and home devices.

Holding vast experience in internet security, Microsoft focuses on three key components and seven security properties to create the foundation for Azure Sphere. This comprehensive IoT security foundation supports industrial IoT operations on a chip with robust hardware security, a secure OS, and a cloud security service that monitors devices and responds to emerging threats. Whether in the cloud or the device itself, the Azure Sphere security standards provide a level of defense against attacks, currently making it nearly unmatched by other IoT devices.
