How Much Security Is Enough for Your Application?
August 30, 2022
We spend a lot of time discussing security, and for a very good reason. Very simply, you don’t want to get hacked. However, many experts will tell you that it’s inevitable. If your platform is connected to the outside world, you will eventually experience a data breach. Hence, the key is to minimize the damage as much as possible.
Something else the experts agree on: if you make it very difficult for the hackers to get in, there’s a good chance they may simply move on to an easier victim.
Both of these points beg the question: how much security is enough? Unfortunately, the answer is, “it depends.” And it depends on a host of factors, with the most important being, “what is my risk if I do get hacked?”
Know the Risks
For better or worse, risk is often counted by the financial folks within the company. For example, they can tell you how much it would cost in dollars if a certain database were to be compromised, or if the brand took a hit, or even if lives were at stake. This conversation brings in the term “risk management” which is exactly what it sounds like; how do you manage the risk that’s attached to your platform.
For example, if someone were able to steal your company’s IP, it would be potentially fatal to the company if that IP were to get in the hands of a competitor. If someone was able to hack into the administrator portion of your manufacturing facility, or something similar to what happened with the Colonial Pipeline, lots of dollars—even millions—could be at stake, as the bad guys could hold you up for ransom to re-start your machines.
The most extreme example is where lives could be at stake, such as in a transportation application. Instances where personal injury or loss of life may be at risk is precisely where security must be a top priority.
Following Industry Standards
One guideline that’s often touted by the embedded-computing industry when it comes to security is IEC 61508, which consists of methods on how to apply, design, deploy, and maintain automatic safety-related protection systems. IEC 61508 applies to most of the applications and industries that fall into the category of industrial IoT (IIoT).
While budget plays a big factor in how much security is used in a design, there are far too many instances where an OEM simply lacks the skill to properly configure or implement security. When that’s the case, the OEM must rely on his embedded computer specialist, such as the experts at WINSYSTEMS. The company’s engineers can help answer that question of “how much is enough” and go through all the options, which range from on-chip to on-board, as well as software solutions.
Shoring Up the Entry Points
Note that there are a host of ways that an attacker can enter your system. Some are quite complex and some are rudimentary. For example, they could come through a CPU or memory bus, or they could simply plug in a USB device and guess at a password. Both methods have been and will continue to be used until entry is denied.
At the end of the day, the responsibility for security sits with the OEM who deploys the final platform. However, working with a trusted partner who has lots of experience in the security aspect can make the OEM’s job far easier.
Security is a key feature of the WINSYSTEMS PX1-C441 SBC, which includes security-enabled TPM 2.0 hardware, an embedded Intel security engine, and cryptographic acceleration.
Trust Your Supplier
WINSYSTEM is an embedded computer specialist with many of its SBCs shipping with built-in security. That includes the company’s PX1-C441 SBC, designed to a PC/104 form factor and featuring the latest generation Intel Apollo Lake-I dual- or quad-core SoC processors for processing embedded workloads. Users can easily expand the SBC’s functionality through its PCIe/104 OneBank expansion. On the security front, the PXI-C441 ensures secure and trusted data through the use of security-enabled TPM 2.0 hardware, an embedded Intel security engine, and cryptographic acceleration.
A second SBC that’s garnering a lot of attention thanks to its advanced security features is the WINSYSTEMS’ COMeT10-3900 COM Express Type 10 Mini module. It ships with on-board TPM 2.0 hardware along with Intel’s latest security engine.
A key feature of the COMeT10-3900 is the simplicity and cost effectiveness of upgrades, as it’s designed to the COM Express standard.
The bottom line is there is a right answer to the question “how much security is enough?” Make sure you know that answer for your embedded computer.