When people’s lives are in danger or at risk, we call it "safety". In the IoT Era, we are connecting all electronic devices to the internet; therefore, security becomes a “Safety” issue. Governments and organisations are already aware of this problem, so they are building security legislation.
This wave will affect all players in the market, but if you are an IoT device manufacturer, the results can be catastrophic.
From now, IoT products must be secure, but to build a secure product, IoT manufacturers must invest in basically seven areas;
1. Building Security and Certification Teams; IoT Manufacturers must hire high-rate security experts. The security experts must be familiar with certification requirements and processes; otherwise, the manufacturers must also hire high-rate certification experts.
2. Building Quality Infrastructure for Security; The IoT manufacturers must build a "Quality Assurance" team and “Quality Infrastructures” for in-door software quality and security testing because security lab assessment cost can be quite high and you would not want the security lab to find your security leaks which increases the assessment process and its costs. It extends project timelines and needs hardware/software and team investments.
3. Security Lab Assessment; There are going to be brand new steps and processes before going to the market. For example, an IoT product must be assessed by a third party authority, called Security Lab. Security Labs are built by security experts and have massive technical abilities to test IoT device security. So, if an IoT product has a security leak, a security lab can definitely find it. Security lab assessment is the true security assurance on an IoT product. But, assessment costs can be quite expensive, especially for innovative startups and SMEs.
The development team must be good enough in certification to pass the security tests for the first time; otherwise, the manufacturers will have to pay for each failing assessment again and again.
4. Certification Costs; Apart from the Security Lab assessment costs, the IoT manufacturers need to pay also "Certification" fee to the Certification Body/Council
5. Additional Manufacturing Costs; To build a secure system, trustworthy (certified) hardware and software products must be used during the design, and security assessments are also mandatory for hardware and software platforms. These platform providers pay for security-specific design plus security assessment costs, and therefore they have to reflect these costs to their products. It means another manufacturing cost comes up for IoT manufacturers.
6. Product Maintenance; A product always needs upgrades for new features or security/bug fixes, and no one can guarantee that further modifications do not introduce security leaks. In this case, a new assessment by the security lab will become necessary, which IoT Manufacturers pay again for critical upgrades each time.
7. Certification Updates; Certifications are evolving processes and certification bodies publishes new versions of the certifications by time. Some versions can be not backwards-compatible with previous versions, so in this case, certification of products with older version can become invalid, and subjects to a new assessment which means a new effort and costs for the IoT Manufacturers.
Conclusion
All these problems negatively raise the "market entry barrier" for small-size innovative players and SMEs. They probably will not be able to survive after these tough challenges and costs.
‘High market entry barriers’ is a problem for all players because if you invest in an IoT product too much, you would want to sell the product for a longer time to cover additional costs. This situation causes to fill the market with expensive and old technologies.
If we don’t find a solution, we will kill the innovation in the most innovative market; the Internet of Things.
At ZAYA, we are a team experienced in security-critical markets, and we are familiar with security and certification challenges and how it affects the market development. So, we are about to announce innovative solutions for manufacturers to solve their problems by lowering the market entry barrier. Please follow us.
Aytac Toptas
Head of Business Development @ ZAYA
aytac[at]za-ya.co
Comments