Microsoft designs Linux-based secure processor for IoT platform

The researchers at Microsoft Research have made advances to strengthen the power of these chips and to put that power to work to protect peoples security, Smith said.

Currently a freelance writer, Im the former editor of and Computing Canada. An IT journalist since 1997, Ive written for several of ITWCs sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomedia [@] m

SubscribeResourcesCanadianCIODigital SecurityCMO DigitalCDN MagazineIT Salary CalculatorLightningPRWebinars and EventsTech ResearchPartner ContentIT World Canada CommunityAbout UsContact UsTechnology VideosIT NewsIT BlogsMobility NewsCloud ComputingTechnology TopicsITWC TalksITWC WebsitesITWC.caComputer Dealer IT World mIT Business.caDirection Informatique.com© 2018 IT World Canada

In a bid to boost the security of so-called Internet of Things devices, Microsoft will licence royalty-free a powerful and upgradable chip design, the heart of an ecosystem it promises will boost protection for millions of network-connected devices expected to be sold in the future.

Theres also announcing a new Microsoft Intelligent Security Association for tech firms to contribute to Microsoft security products. Members will be able to create more integrated solutions for customers.  Palo Alto Networks and Anomali join PricewaterhouseCoopers and other existing partners as founding members of the new association.

In his remarks Smith stayed away from suggesting the Azure Sphere platform could be used in industrial/automotive/medical systems, whereBlackBerrys QNXand Intels VxWorks operating systems for embedded systems are known. The implication is its more for homes and offices.  Eric Byres, a Nanaimo, B.C.-based industrial control system (ICS) expert said in an interview that manufacturers of ICS device are likely to stick to specialty OSs for the next decade. However, he added, many new makers of small industrial embedded devices that monitor or optimize a process may find Azure Sphere attractive.

The upcoming Windows 10 update for the enterprise gives Windows Defender Advanced Threat Protection (ATP) the ability to include threat protection and remediation spanning Office 365, Windows and Azure. The update will also include new automated investigation and remediation capabilities in Windows Defender ATP, which Microsoft says will leverage artificial intelligence and machine learning to quickly detect and respond to threats on endpoints.

It will enable us to stand behind the technology the way I believe the world needs, because what we will do is ensure these devices are secure throughout their lifetime with the continuing improvements and updating of the Azure Sphere operating system through a Microsoft Azure-based security system or competitors, including clouds from Amazon AWS, Google Cloud, Oracle and IBM.

Microsoft offered this video for more information on the platforms protections:

According to Wikipedia a microcontroller is similar to a system on a chip, with a processor, memory and programmable input/output peripherals. MCUs are designed for low-power embedded systems.

Microsoft Secure Score, which can score an organizations security environment by analyzing users regular activities and security settings. Its similar to Office 365 Secure Score, which ranks and compares the productivity suites set-up and offers recommendations for improvement;

Even bigger news: Rather than a Windows operating system, the OS is based on a custom Linux kernel.

Ransomware and distributed denial of service (DDoS) attacks are increasingly giving CISOs headaches as criminals find the former lucrative and…

Microsoft has tried to get into this market with standalone OS versions called Windows Embedded and Windows 10 IoT.

It was one of several security-related announcements made by Microsoft. It also released two ways CISOs can measure and improve their security status:

Celebrating 25 Years of CIO Leadership

He also noted that Microsoft has more than just improving security on its mind. It also wants to increase enterprise use of its Azure cloud platform.

Microsoft president Brad Smith made the announcement Monday at the beginning of the annual RSA Conference in San Francisco.

When threat actors see a good thing theyre not shy about piling on. Unsecure IP-connected surveillance cameras are a good…

Attack Simulator, a part of Office 365 Threat Intelligence, lets security teams run simulated attacks including mock ransomware and phishing campaigns to test their employees responses.

He showed one of the chips, about the size of a fingertip, but one Smith said is five times more powerful than other processors on the market.

OUCH! Free Content gets hurt by enabled Ad Blockers

Please consider unblocking us orSubscribein support of our great non-gated content.

Only 10 per cent of those surveyed were very confident that they can detect and protect against IoT-related security incidents, while 62 per cent are only somewhat or not confident that they can do so.

Digital Transformation Conference adds speakers Alex Benay, Tony Lacavera

Forrester Research analyst Merritt Maxim said in an interview that any time a major company like Microsoft shows a commitment to IoT security is generally positive. Like anything else, he added its all about execution. It sounds good in a press release but six or nine months from now can they deliver on the things they promised?

Technologys role in data protection the missing link in GDPR transformation

In an email Gartner analyst Saniye Alaybeyi called it great news . Cheap security for all sorts of IoT devices including cheap toys. Microsoft chose Linux because most devices in the cloud are based on the open source operating system. For increased Azure adoption, she added, they had to go with Linux.

This is kind of cool, he said of the Microsoft effort. It should be an interesting play on their part. It looks like a fairly powerful MCU and it runs Linux, yet integrates into their platform. Id look at it as a developer.

Called theAzure Sphere MCU(for microcontroller unit), the design has already been picked up by chip-maker MediaTech and will ship to device manufactuers later this year. No customers were announced.

SIDEBAR: Have consumer IoT devices in your enterprise? Heres how to secure them

What makes the Azure Sphere MCU different from others, Smith said, are its hardware and software security features: There are several layers that prevent hardware attacks, includingso-called side-channel attacks that Intel desktop and server chips are vulnerable to;certificate-based authentication, which is hard to crack, is used to communicate to the manufacturer or other devices, with private keys stored in a hardware-protected vault inaccessible to hardware; the ability to report to a manufacturer or enterprise through the trusted link of a security failure; and the ability to receive security patches.

Cyber security experts worry these vulnerable devices will be with us for years, unless theyre replaced, so will be a long-term constant threat. That led security expert Bruce Schneier to tell last years SecTor conference in Torontothat government safety regulation of the Internet of Things is coming.

Azure Sphere is in private preview. Developer kits will be available in the summer.

In an email Microsoft said pricing will be a onetime fee that includes the Azure Sphere MCU plus access to the Azure Sphere Security Services and on-device security updates for 10 years. Pricing will vary depending on factors such as the Azure Sphere certified chip used and volume.

IoT devices range from smart phones to product counters in refrigerators, smart thermometers in homes and network-connected sensors in pipelines. Smith said some 9 billion controllers will ship this year. However, other than smart phones, few systems can receive security updates. As a result, hackers can build botnets of thousands of vulnerable digital video cameras and home routers to launch massive DDoS attacks and distribute malware. The Murai botnet is a prime example, but there are others.

The chip design includes networking secured with silicon technologies Microsoft pioneered in its Xbox game console, and includes what Smith called cross-over processing capabilities that enable ambient intelligence in an MCU package for the first time.

Microsoft designs Linux-based secure processor for IoT platform

Carriers can only do so much to help with mobile security: Rogers

Some enterprises recognize the problem.Earlier this year Trustwave released a surveyof  137 people knowledgeable about and/or responsible for their organizations IoT-related security practices. Almost 60 per cent of respondents said security concerns are a barrier to the adoption of IoT devices in their organization, with another 25 per cent saying lack of standards is also a barrier.

The promise of the Azure Sphere platform depends on how many chip makers deliver the MCUs based on the design, and how many manufacturers put it in their devices. Manufacturers face conflicting pressures: Device buyers want security, but buyers are also price-conscious.

Both of these are free for companies subscribing to Microsoft 365, a cloud solution that includes Windows 10 Pro, Office 365, data and cyber threat protection.

The Azure Sphere OS is based on a custom Linux kernel, optimized for IoT environment and has been re-worked with security innovations pioneered in Windows. Of course, we are a Window company, Smith said, but what we realized is the best solution for a computer is this size is not a full-blown version of Windows.

Leave a Comment