Market Research Report

Building Secure Connected Devices

Publisher: VDC Research Group, Inc. Product code: 301563
Publication date: May 8, 2014. Content information: English; 19 Pages; 30 Exhibits
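Introduction

This report discusses and analyzes best business practices for designing and building secure connected embedded devices. It offers market analysis and critical considerations across technology types, product categories, and industry markets, and incorporates the results of VDC's recent security survey of OEM embedded device engineers. Its contents are outlined below.

Executive Summary

  • Key Findings

Introduction: Security as Table Stakes

Connectivity Implies Vulnerability

  • Nearly all OEMs surveyed now making multiple connected products
  • Local area network (LAN) functions still more prevalent than Internet or cloud
  • Wired Ethernet most prevalent connectivity

Secure Development Processes

  • Code analysis tools widely adopted
  • Factors for choosing vendors for code analysis tools
  • Fuzz testing underutilized
  • Penetration testing common, but not widely applied
  • Penetration testing: OEMs vs. IT administrators

Security Features

  • Encryption and authentication most common security features
  • Factors for choosing security feature vendors

OEM Business Implications of Security

  • Security issues lengthen time-to-market
  • Security features raise device prices
  • Neutral impact on profitability

Additional Insights

About this Report

Table of Contents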

Inside this Report

This report discusses and analyzes best practices to design and build secure connected embedded devices. Market analyses and critical considerations will be offered across technology types, product categories, and industry sectors. The report integrates selected findings from VDC's recent security survey of OEM embedded device engineers.

What questions are addressed?

  • What steps should engineers take to build secure devices?
  • What commercial technologies are OEMs using to address security requirements, and what are the selection criteria for those solutions?
  • How are the roles of OEM engineers evolving to address security?
  • What factors are most important in the selection of security solutions vendors?
  • How is the need for security impacting OEMs' businesses?

Executive Summary

Embedded device connectivity is at the core of the Internet of Things, and security risks come along with the territory. OEMs must integrate security procedures, such as code analysis and penetration testing, in their product development processes, and they must add security features to their products. Nearly every aspect of an embedded device can be protected by one or more security solutions, but no individual solution should be considered impenetrable. And the need for security increases time-to-market and engineering costs, although most OEMs are able to compensate by increasing their prices.

[Data available in full report]

Key Findings

  • XX% of OEMs surveyed have connectivity in at least some of their embedded devices, although wired connections and local networking are still more prevalent than wireless connections and Internet- and cloud-based connectivity.
  • More than XX% of OEMs surveyed already use static code analysis tools in their software development organizations.
  • Less than half of OEMs conduct penetration tests on their products, and only one quarter conduct fuzz testing.
  • Authentication and encryption are the most commonly employed security features in embedded devices.
  • Security has a relatively neutral impact on OEM profitability.

Introduction: Security as Table Stakes

Several years ago, device functionality was enough to sell embedded products in most vertical markets. Of course there were exceptions, such as critical infrastructure, aviation, and military, for which security was always of importance. But today's environment has evolved on two fronts. First, end users across nearly all verticals are demanding Internet connectivity to access and control devices as well as to aggregate and analyze data. Second, the magnitude of security threats has exploded, driven by hackers of both the troublemaker and money-seeker varieties, and fueled by the increasingly complex nature of systems that are ever more challenging to protect.

Prospective buyers of embedded devices and systems are now demanding security, without which salespeople for OEMs might not even be able to get a foot in the door. The more sophisticated buyers are asking detailed technical questions about security that often require multiple rounds of engineering-level responses. In some markets, such as industrial automation, OEMs face a barrage of security questions from both IT and operations departments, making OEMs' security tasks doubly difficult. And in markets involving sensitive personal or financial data, such as medicine and banking, government regulations mandate new levels of device security that may change periodically, requiring security modifications to existing systems. Engineers at many OEMs are confronting these security challenges for the first time, either proactively in planning for new products or reactively in response to breaches that have occurred in their products. Without having security experts on staff, they may not know how to address security concerns. Due to cost pressures, they may opt to roll their own security solutions at the risk of either reinventing the wheel or missing important vulnerabilities. Even OEMs who have successfully handled device security in the past may be faced by new threats and vulnerabilities introduced through cloud-based data storage and device control. Embedded devices are no longer standalone entities; they are elements of systems, the security of which may only be partially under the control of the device maker.

Connectivity Implies Vulnerability

No device connected to the public Internet should be considered impenetrable simply because impenetrability is impossible to prove. The best one can hope for is proof that no currently known method has yet penetrated the device in a publicly disclosed manner. (The device may in fact be impenetrable, but device makers set themselves up for potential breaches and greater damage from breaches if they assume impenetrability.)

As we noted in a prior VDC View document entitled “Secure Hardening of Embedded Devices,” OEMs are advised to apply multiple levels of security to their connected devices under the assumption that device perimeters may be virtually penetrated. In this report, we examine how OEMs actually go about securing their embedded devices in the context of connected systems.

In March and April 2014, VDC Research conducted a survey of engineers at embedded device OEMs. (Note: the respondents to this particular survey were highly qualified engineers, so their responses may reflect higher usage rates of certain product technologies and development tools compared to the overall population of engineers.)

As shown in Exhibit 1, XX% of survey respondents said their companies make at least some products that include connectivity features. While this does not imply that XX% of all embedded products are connected, it does imply that nearly all product makers face security issues associated with connectivity.

Exhibit 1: Nearly all OEMs surveyed now making some connected products

Of course, not all connectivity is intended for the Internet, as shown in Exhibit 2. Local area networking is still the most common type of connectivity. This is particularly the case in vertical markets such as industrial automation, where the perceived security risks of Internet connectivity may outweigh the current benefits. Nevertheless, in our survey, more than half the respondents developed products designed to handle some form of Internet- or cloud-based activities, and VDC expects that portion to continue to increase considerably in the coming years.

Exhibit 2: Local area network functions still more prevalent than Internet or cloud

About this Report

VDC Research's i2: ideas & insights reports provide clients with deep insights into product, market, channel, and competitive strategies and tactics. Using deep and rich datasets based on extensive primary research, the i2 reports provide clients with the insights they need to make strategic decisions for their business about the markets they are in and the markets they want to be in. Coverage includes a combination of market sizing, segmentation, forecasting, end-user requirements analysis, competitive analysis, and more.


Table of Contents

Executive Summary

  • Key Findings

Introduction: Security as Table Stakes

Connectivity Implies Vulnerability

  • Exhibit 1: Nearly all OEMs surveyed now making some connected products
  • Exhibit 2: Local area network functions still more prevalent than Internet or cloud
  • Exhibit 3: Wired Ethernet most prevalent connectivity

Secure Development Processes

  • Exhibit 4: Code analysis tools widely adopted
  • Exhibit 5: Factors for choosing vendors for code analysis tools
  • Exhibit 6: Fuzz testing underutilized
  • Exhibit 7: Penetration testing common, but not universal
  • Exhibit 8: Penetration testing by OEMs vs. IT administrators

Security Features

  • Exhibit 9: Encryption and authentication most popular security features
  • Exhibit 10: Factors for choosing security feature vendors

OEM Business Implications of Security

  • Exhibit 11: Security increases time-to-market
  • Exhibit 12: Security features raise device prices
  • Exhibit 13: Neutral impact on profitability

Additional Insights
