Arm’s David Maidment on the importance of prioritising security
Security should be the cornerstone of digital transformation. Businesses, governments, and industry are fast mandating best-practice security as the world continues to digitise. The PSA Certified 2022 Security Report - an annual audit of industry perceptions and intentions around IoT security - predicts that 2022 will be something of a turning point. Companies are actively seeking to close the gap that has previously existed between the pace of digital transformation and the speed of security provisions to accompany it. Here are the five main takeaways: The proliferation of connected devices is becoming more evident than ever The pandemic has accelerated digital transformation across all aspects of the business value chain. Global spending on the digital transformation of business practices, products and organisations is forecast to reach $2.8 trillion in 2025. The pace at which the pandemic connected our digital and physical worlds through data has underlined the huge potential for the IoT to be an agent for positive change. But it has also exposed and exacerbated the severity of digital risks within our more connected world. Indeed, one in five technology decision makers polled worked for companies that had been victims of hacks due to vulnerabilities in third-party products or services and over a third agreed that distributed working has increased the likelihood of IoT hacks. Companies are prioritising security As we continue to rapidly scale the deployment of connected devices, security is now cementing its position at the heart of business strategy. 88% of survey respondents agreed that security is a top three priority for their business, increasing as a priority in the past 18 months. Nearly all respondents recognise that having security in their products positively impacts their bottom line and almost half of those prioritising security stated that building a ‘security-first culture’ was their top focus. The impetus for best practice security is clear. Whatever the connection, or the means of delivery, the connected future is about deploying digital services at scale. And that means establishing trust in those devices, the data and the services that come from them. The knowledge gap around security needs to be addressed The World Economic Forum estimates a gap of more than 3 million security experts worldwide. Our data echoed the need to upskill and add security expertise, as nearly a third of global tech decision makers view a lack of security specialists as one of the main barriers to IoT security implementation, followed by a lack of understanding of security and the complexity of implementation. Cost was also a barrier to executing stronger security, both in terms of physical dollar costs and the cost of security experts and independent evaluation. Collaboration, collective action, and a common language are critical to helping the IoT scale Democratising skills, best practice and expertise is critical to delivering widespread assurance in connected devices. With 96% of technology decision-makers agreeing they would be interested in an industry-led set of guidelines on IoT best practices - a considerably higher finding than the 84% in 2021 - the desire for guidance is higher than ever. Building on trusted components, embracing easy-to-use frameworks, evaluations and certifications play a major role in this. Currently, 70% of global tech decision makers admit that, while they value seeing security credentials on products, they don’t know which security credentials to look for when buying for their company. Clearly, a common language and an agreement on what to aim for is needed to get to the next stage of IoT security. Root of Trust (RoT) and trusted components are being recognized as the heart of secure digital transformation Trusted components are fast growing in importance with IoT decision-makers as the ecosystem looks to establish trust at all stages along the value chain. It’s crucial that devices are built with trusted components including a Root of Trust (RoT) - the trusted area of the device where all the secure operations take place. 68% of those surveyed recognized trusted components as essential for creating secure devices. IoT security has moved well beyond the stage of early adopters and the direction of travel is clear: no longer is it optional, but foundational. Security must be integrated into every device, process, company, and culture if we are to take advantage of its potential as an enabler of digital transformation. Through collaboration and collective action, we can create the IoT we need, together.