Cloud platform and device security
Embedded security is key for connecting devices securely at scale to cloud and IoT services
Clouds, edge servers and edge devices, such as on-premises gateways, are connected to a multitude of IoT devices in environments such as smart infrastructures, smart cities, smart factories and smart homes.
Moving customer IP or other confidential information from IoT devices to the cloud or edge can increase the risk of attacks on that data. It is therefore of utmost importance to properly protect cloud and edge server platforms along with connected IoT devices. This creates an uninterrupted chain of trust across cloud architectures. Compute-intensive applications capable of autonomous decision-making make the need for security even more pressing.
With millions of devices connected to the IoT, both manufacturers and consumers need to be sure that the identity of each and every device is genuine and secured. Device manufacturers are thus challenged to protect both the identity and integrity of all elements in a cloud-connected system, whether those elements are cloud servers, compute-intensive edge servers, consumer devices or IoT end nodes such as sensors. This protection is the very basis for secured cloud connectivity and essential to enable secured zero-touch provisioning and secured lifecycle management of IoT devices.
The best protection possible will be achieved by combining software security mechanisms with robust hardware-based security capabilities based on globally accepted industrial and IT security standards.
Our OPTIGA™ portfolio of security solutions provides the strongest form of identity and integrity protection, secured key provisioning and lifecycle management of cloud-connected edge and end-point devices. Through their rich encryption functionality, our OPTIGA™ TPM security controllers offer robust protection for critical data and processes residing on cloud servers, edge servers, and high-performance edge devices. OPTIGA™ Trust X and OPTIGA™ Trust M are ideally suited to securely connecting end nodes to trustworthy edge devices and to cloud networks.
Our security solutions are being validated by leading global cloud service providers, such as Amazon Web Services (AWS) and Microsoft Azure, to confirm ease of integration and optimum interoperability in their platform architectures.
Cloud connectivity based on our solutions is faster and more secure than a software-only approach. We deliver hardware-based security solutions designed specifically to harden the identity and protect the integrity of cloud- and edge-connected devices.
The OPTIGA™ security solutions serve the entire cloud ecosystem:
- cloud service and platform providers
- manufacturers of ICT server equipment and high-performance edge devices such as gateways
- makers of connected industrial and consumer IoT devices and IoT end nodes such as sensors.
Integration and deployment made easy
All of our OPTIGA™ products are characterized by ease of integration and compliance with rigorous cloud security standards. Standout features include a lightweight host code for easier deployment, ready-to-use toolkits, and open-source software stacks.
Reflecting our commitment to ease of deployment, we complement our best-in-class hardware with a software development environment that simplifies the integration and secured delivery of IoT applications for customers. Much of this work is open source and available on public repositories such as GitHub.
Connect securely to Microsoft Azure:
- Explore our Tools & Software section below
- Read more on the Microsoft Azure whitepaper "Selecting the right secure hardware for your IoT deployment"
- Explore our training section and learn more on provisioning devices securely and at scale to Microsoft Azure IoT platforms
Connect securely to Amazon Web Services (AWS)
From manufacturing to de-commissioning, developers must protect their IoT application from hacks and safeguard user privacy through every stage of their application's lifecycle. Cypress has collaborated with Amazon Web Services (AWS) to make device management secure, easy-to-use, and cost-effective with Cypress' PSoC® 64 Standard Secure - AWS MCU and AWS IoT Core.
The Arm® Cortex®-M0+ core in the PSoC 64 Standard Secure AWS MCU serves as a security co-processor, isolated from the Arm Cortex-M4 core. This security co-processor comes configured with a hardware-based root-of-trust and runs Trusted Firmware-M security firmware, enabling secure boot and secure firmware updates along with other secure services.
PSoC 64 AWS Standard Secure MCUs have been FreeRTOS™ qualified and designed to work seamlessly with AWS IoT Core. All a developer needs to do is focus on their application running on the Arm Cortex-M4 core. Secure firmware deployed on the Arm Cortex-M0+ core takes care of the rest. Wireless connectivity stacks for Cypress Wi-Fi® and Bluetooth® products are natively supported, helping to speed up development time.
PSoC 64 Secure MCUs can be securely provisioned and deployed at scale. Cypress has worked with third-party HSM and programming partners to deliver cost-effective, secure provisioning services, eliminating the cost and overhead in deploying your own secure HSM. In addition, PSoC 64 MCUs can be provisioned using off-the-shelf inventory without restrictive procurement terms.
Learn more: AWS IoT Core
This Industry 4.0 scenario shows the connection of a smart, secured and energy-efficient IoT end node (smart pump) to the AWS cloud. It illustrates how Infineon products have been integrated to deliver on the key drivers and success factors for smart factories:
- Energy efficiency
- Smart & highly connected factories (supporting industrial buses, interfaces, etc.)
- Robust security and protection of the device ID
- Integration with on-premises cloud & cloud concepts (Amazon FreeRTOS, AWS IoT Greengrass)
The diagram shows a smart aircon and a smart lighting use case. The lighting and aircon systems are controlled by an AI sensor hub, which communicates with the Amazon Web Services (AWS) platform over a secured connection.
One key function of the AI sensor hub is to detect the presence of home occupants and determine what zone they are in. It uses Infineon’s XENSIV™ 24 GHz radar sensor to do this.
This information is then sent to the AWS cloud securely thanks to OPTIGA™ Trust X, which is a tamper-resistant hardware trust anchor that securely stores the private keys and certificates.
AWS processes the information and sends commands back to the smart home, for example turning the aircon on/off or adjusting the fan speed and swing mode depending on the location of the occupants.
In addition to securing the data exchanged between the smart home hub and AWS, OPTIGA™ Trust X can be used as a trust anchor to verify the identity of these smart devices by means of mutual authentication.
- Explore our training section and learn more on provisioning devices securely and at scale to AWS IoT platforms
- Read the AWS blog post on Using a Trusted Platform Module for endpoint device security in AWS IoT Greengrass
| Company | Company description | Region of operations | | Partner offering | Offering details |
|---|---|---|---|---|---|
| GlobalSign | GlobalSign is the leading provider of trusted identity and security solutions. Its high-scale PKI and Identity and Access Management (IAM) solutions support the billions of services, devices, people and things comprising the Internet of Everything (IoE). | Americas, Asia-Pacific, Europe, Middle East, Africa, Greater China, Japan | Security & smart card solutions | Services | Leveraging best-in-class hardware- and software-based security technologies combined with the benefits of cloud-based infrastructure to secure your IoT solutions from manufacturing through provisioning. |