Microsoft Wants to Improve IoT Security with Edge Secured Core Devices


Microsoft is expanding a certification program to security of Internet of Things (IoT) devices

Microsoft’s core secure concept was initially intended to improve the security of software interfaces for Windows 10 hardware in 2019 and two years later brought it to firmware for servers running Windows Server and Azure Stack HCI

Secured-core is not aimed at consumer devices, but is intended to assure enterprise customers that Windows has been certified as secure by Microsoft on non-Microsoft hardware. The concept was inherited from Microsoft’s Xbox division, which has a more vertically controlled hardware and software stack than the Windows ecosystem.

TO SEE: Don’t let your cloud cybersecurity choices open the door to hackers

In addition to desktops and servers, Microsoft also has the “Edge Secured-core” program – a security certification for IoT devices operating at the edge of networks, the Azure Certified Device program. It is for devices connected to Microsoft’s Azure cloud service.

Microsoft says that devices certified under this program will receive updates for at least 60 months from the date vendors submit their devices to the program. That’s as long as Google’s commitment to patch its own Android Pixel phones for five years

Microsoft says the program ensures that devices have a hardware-assisted identity when they connect to Azure IoT Hub and use the IoT Hub device provisioning service. Devices are also certified for system integrity with respect to the processor, firmware, and operating system, and certified to encrypt data on the device and while data is in transit.

“IoT devices such as gateways, which are often used to connect downstream devices to the cloud, need inherent support for protecting data in transit. Edge Secured-core devices help support up-to-date protocols and algorithms used for data-in-transit encryption,” say Deepak Manohar, Lead PM Manager, Azure Edge and Platform Security.

Devices Microsoft has certified to date include: ASUS PE200Lenovo ThinkEdge SE30Intel’s NUC 11 Pro Mini PC and Asus’s AAEON SRG-TG01† They are now listed in the Azure certified device catalog and although they are major vendors, the devices represent a fraction of the thousands of IoT device models on the web.

“We’ve added this new device certification to our Edge Secured core platform to make it easier for customers to select IoT devices that meet this advanced security designation,” said Manohar.

IoT devices are low hanging fruit for hackers. The US announced last week that it had dismantled a massive Russian-run botnet operated as a proxy IP address service for several years and was used by cyber criminals for login credentials on website login pages.

The botnet was built by its operators using software that automated password guessing for a range of Internet-facing devices, such as routers and smart TVs, which often come with default passwords documented in publicly available support manuals.

Leave a Comment

Your email address will not be published.