It takes an army of trained, licensed, and accredited professionals to build a skyscraper in most cities around the world. But what about the software platforms and machine learning tools that have become crucial components of the world’s financial, military, medical, and communications ecosystems?
The critical software and technical systems we rely on daily are like invisible skyscrapers all around us — yet we often don’t know who designed them, how they were constructed, or whether they hide defects that could lead to massive inconvenience, financial chaos, or catastrophic failures.
You’ve just been hired as an architect in an up-and-coming startup. The company has the most brilliant and innovative idea for a smart device that will make you all rich. Your job description is very interesting, and your first mission is to ensure that what the company builds is secure.
First of all, congratulations are in order: Just by thinking about security, your company is already miles ahead of everyone else in the internet of things (IoT) space. As the joke goes, the “S” in IoT stands for “security.”
Why would the IoT be a special case? What’s different about it from any other project? Pick a secure development life cycle (SDLC) framework, shift your security left as much as you can, and surely the result will be secure by design, right?
…For all the many advances in IoT technology, security remains a thorny stumbling block.
“With IoT, companies face a monumental challenge: applying digital security to processes that have never before been digitized,” sums up CompTIA’s Robinson in his “2019 Trends In Internet Of Things” study published in February of this year.
The problem is especially acute among small businesses that heretofore never thought their systems would fall prey to cybersecurity attacks.
“Small businesses are the least prepared for the security demands of IoT,” Robinson notes. “For many years, small businesses operated under the assumption that their digital assets were not at risk from cyberattacks. To some extent, this may have been true, but the situation has changed; all data has value, and breaches can cause more disruption than ever. The risk is magnified when physical assets and processes can be hacked.”
Embedded programming has a long history of making devices do what people need. However, it remains largely overshadowed by application programming. When application programmers were embracing relatively high-level object-oriented languages like C++ or Java, or graphical application development environments like MATLAB, embedded programmers were only moving into C. They were always outnumbered by app programmers. Today, even hobbyists can develop an app using an easy language and share it with the world, while embedded programmers need to have deep knowledge of hardware and firmware, and of how to write programs that can execute in often highly resource-constrained environments.