Microsoft announces new IoT security products

Microsoft has announced new IoT security products [Image: artisteer via iStock]

Microsoft has announced a range of new products designed to secure Internet of Things (IoT) devices.

Microsoft previewed its Azure Sphere, a new solution for creating highly-secured, Internet-connected microcontroller (MCU) devices, at the RSA 2018 conference in San Francisco.

Explaining that all IoT-connected devices now have MCUs, Microsoft highlighted the need for these to be secure, pointing out how typical devices, such as kitchen appliances, could become compromised.

According to Galen Hunt, partner managing director of Microsoft Azure Sphere, it is vital that “we proactively address this emerging threat landscape with solutions that can keep pace as connected MCUs ship in billions of new devices ever year”.

He said that is why the company introduced Azure Sphere, which includes three components that work together to protect and power devices at the intelligent edge.

These include Azure Sphere certified microcontrollers (MCUs), which he explained are a new cross-over class of MCUs that combines both real-time and application processors with built-in Microsoft security technology and connectivity. Each chip includes custom silicon security technology from Microsoft.

Microsoft is also introducing Azure Sphere OS. The system is purpose-built to offer security and agility. Mr Hunt said that, unlike the real-time operating systems that are common to MCUs today, his company’s “defense-in-depth IoT OS offers multiple layers of security”.

He explained that it combines security innovations pioneered in Windows, a security monitor, and a custom Linux kernel to create a highly-secured software environment, as well as “a trustworthy platform for new IoT experiences”.

The third product being offered is the Azure Sphere Security Service. Mr Hunt described it as a “turnkey, cloud service that guards every Azure Sphere device”. He explained that it brokers trust for device-to-device and device-to-cloud communication through certificate-based authentication, detecting emerging security threats across the entire Azure Sphere ecosystem through online failure reporting, as well as renewing security through software updates.