We recently conducted a survey on the state of data security for embedded developers and the projects they are working on as a way to gauge the security concerns of the industry. We wanted to get developers’ opinions on everything related to embedded security, including how they are keeping data secure, whether they foresee future projects requiring more security and which security risks they consider the most important.
As embedded devices become more complex and are relied upon to collect, store and transmit larger amounts of data, security has also grown more critical. In all industries we serve at Datalight, security is necessary. But it is especially vital in industries like medical, aerospace and defense that not only handle sensitive data, but also face major issues if something like a power loss puts that data at risk. However, no matter what industry a device was developed for, we know the need for protection of critical data will continue to grow.
Our survey respondents represent all segments of the embedded industry, with the most coming from industrial automation, followed by automotive, network/telecom and medical. The responses yielded some interesting findings, the most telling of which was that 66% of respondents said their current projects require protection of sensitive data, whereas 82% predict needing to protect sensitive data in future projects. Some of the reasons cited for security as a requirement included industry regulations like HIPAA, loss of revenue due to 3rd parties hacking the product configuration, and my favorite, “twitchy security experts reading horror stories online.” In all seriousness though, the sheer quantity of data being captured, coupled with growth in autonomous systems that make decisions based on captured data, helps explain the result.
Data on embedded devices face threats of many kinds, making the definition of security somewhat broader than we expected. Our findings suggest that embedded developers see the most critical threats coming from loss or corruption of data due to hardware failure or due to unexpected power loss. Both of these issues were identified as “extremely critical” by around 75% of respondents. Slightly more than half of you are concerned about insertion of malicious code. Exposure of personal data while at rest or in flight (40%), and exposure of proprietary programming/trade secrets (33%) are also important areas.
This sparked my interest because as a consumer, I think of security primarily as protecting data from another person attempting to access or change it, not some sort of system error or environmental failure. Though, in embedded devices that are expected to work for years, these kinds of failures do tend to be the most common ways data is compromised.
I found the approaches to protect data at risk interesting as well. Respondents were allowed to choose multiple answers, and the top three were: encryption in the application (60%), encryption in the file system (50%), and encryption in the operating system (40%). As we look for ways to improve the products we deliver to make data not just safe from corruption due to power loss but also impenetrable to outside threats, the approaches you prefer will help inform our product direction in ways that should help you get secure products to market faster.
What are your answers to some of the questions above? Do they differ from the answers we collected? Also, did you know that Reliance Nitro features a plug-in interface for encryption?