Enterprise IoT security sucks so much, it's made Intel and Arm work together to tackle it
Chip rivals lock lips to make customers happy
Intel on Monday joined hands with Arm, its occasional rival, in an attempt to make the notoriously dismal state of Internet-of-Things security less so.
The two chip designers aren't concerned with consumer IoT devices, which can be expected to remain a hot mess; rather they hope to provide corporate customers with a way to efficiently and securely adds sensors and the like to their networks.
The device provisioning process turns out to be rather involved, and so doesn't scale well. IT admins may find it acceptable to spend 20 minutes or more configuring and authenticating a single device, but when there are hundreds or thousands of the things to set up, no one wants to enroll the assorted gadgets, geegaws and MacGuffins manually.
In a phone interview with The Register, Lorie Wigle, veep of Intel's software and services group and general manager of IoT security, said enterprise IoT deployments are moving from the proof-of-concept phase into real-world deployments. "That's when this notion of scaling is really a pain point," she said.
A year ago, Intel took a stab at addressing the device enrollment problem with its Secure Device Onboard service, which uses Intel Enhanced Privacy ID (EPID) data embedded in chips to automatically validate and provision corresponding IoT devices.
Arm, it turns out, has something similar, an IoT management platform called Pelion. And because kit from the two companies often turns up in the same deployment, the competitors have found common cause.
Together, the two chip firms believe they can provide a path to securely connect any device to any cloud, thanks to the provisioning data each embeds in its respective silicon.
Charlene Marini, veep of IoT services group strategy at Arm, said: "This a strategic collaboration around a common vision of any device in any cloud."
While the two companies regularly work together on standards, this is the first time they've partnered to deal with IoT security, according to Marini.
Marini said customers have frequently complained about fragmentation when dealing with IoT. Wigle observed something similar. "Most of our customer deployments are heterogeneous in nature," she said. "There is very much a customer request that these things work together."
As a result of this Intel-Arm collaboration, via the Pelion platform, IoT devices should be easier to connect to cloud services, partner systems, on-premises platforms, and device management services. Makers of said stuff, meanwhile, should have fewer device options and provisioning configurations to worry about.
The two companies found a research consultancy – surely, a neutral, disinterested party – that's thrilled with the tie-up: "Intel and Arm are simplifying one of IoT's most complex and challenging barriers with regard to streamlining the manufacturing and security deployment workflows for IoT," said Michela Menting, director of ABI Research, in a statement. "This is an ROI win for the customer, who will be able to deploy both Intel and Arm based devices at a lower cost and with less friction between IT and OT [operational technology] while at the same time retaining flexibility over their data and cloud partner choice until the deployment phase."
More will be said about the arrangement at the IoT Solution World Congress, which takes place in Barcelona, Spain, on October 16. You can also find some official blurb from Arm, here, and from Intel, here. ®
Sponsored: Becoming a Pragmatic Security Leader