Microsoft Aims for IoT Security with Azure Sphere, MCU Architecture

Azure Sphere Gives Boost to IoT Security, But Gaps Remain

Aiming for IoT security at the silicon level, Microsoft debuts Azure Sphere security services and a new MCU architecture. But can the 'crossover' secure most MCU-powered devices?

Written by Courtney Bjorlin
24th April 2018

Azure Sphere, Microsoft’s new technology for securing connected devices powered by a microcontroller unit, brings crucial attention to IoT security and holds the potential to reduce the complexity associated with implementing it, analysts agreed.

But in terms of securing the potential “billions” of connected, MCU-powered devices, “it’s not a panacea,” as Mike Demler, senior analyst with The Linley Group, put it. Azure Sphere-certified “crossover” microcontroller units (MCUs) – which combine real-time and application processors with built-in Microsoft security technology and connectivity – won’t be economical to implement in many low-cost IoT devices, and they will consume too much power to run low-powered ones.

“Once you’re running Linux, it’s not a microcontroller. It’s a processor,” Demler said. “This is for another level up, and that’s fine, but it’s not going to replace all the microcontrollers out there. If [Microsoft] is trying to get other chip companies to adopt this architecture, it will only fit in a certain class of IoT device. There will be many more IoT devices out there that can’t use this type of architecture.”

The Azure Sphere stack, so to speak, announced recently by Microsoft at the RSA Conference, includes the IP for the silicon security technology and architecture for the chip (which includes built-in network connectivity), a Linux-based operating system, and the Azure Sphere Security Service. That cloud service provides certificate-based authentication, detects emerging security threats across the Azure Sphere ecosystem through online failure reporting and updates the “crossover” MCU-powered device.

“The addition of an application processor delivers unprecedented power and security to Azure Sphere MCUs compared to legacy MCUs,” a Microsoft spokesperson said via email.

[Internet of Things World addresses the security concerns for IoT implementation in every vertical, attracting senior security professionals from the world’s biggest organizations. Get your tickets and free expo passes now.]

That entire package will cost “under $10 a device,” according to an interview with Lou Lutostanski, who is the vice president of IoT for Avnet, the first distributor named by Microsoft for Azure Sphere. The first of the chips – for which Microsoft will license its security IP royalty-free, will be the MediaTek MT3620 featuring ARM Cortex-A7 application processors. Those chips will come to market in volume this year, according to a blog announcing the news.

Microsoft declined a request for an interview asking for more details on the types of IoT devices Azure Sphere technology would target, but a spokesperson said in a written statement that Azure Sphere MCUs could be in “everything from toys to home appliances, to agriculture and industrial equipment.”

Microsoft’s technology is interesting for IoT devices in that it secures the hardware through connectivity to the cloud-based security services, which ensures regular updates and patching; that certificates can be changed; and more, according to Paul Miller, senior analyst with Forrester.

“You as the buyer and you as the user are confident that you always have the latest patches,” Miller said. “They’re saying, ‘We know how to do this. We’ve been patching Xboxes for years. We’ve been patching Windows. We’re getting better at it and building on global capability.’ And they’re wrapping this together.”

That end-to-end package is beneficial particularly for enterprises implementing industrial IoT projects and those building IoT technology for that segment – particularly when it comes to easing the management and configuration of components, according to an email interview with John Myers, managing research director at Enterprise Management Associates.

“That’s going to be the hurdle for most IT shops. … How to manage the overhead associated with IoT device operations – security, configuration, software/OS update – is going to be key,” Myers said. “Microsoft is speeding the secure deployment and offering a cloud-based implementation environment for streaming and data management.”

The technology will be “relevant to the ecosystem of smart connected assets, cutting across almost every asset class,” according to Matthew Littlefield, president and principal analyst with LNS Research. That includes automation systems, computer-numeric-control (CNC) machines, 3-D printing, robotics, motors and drives, valves, pumps, instrumentation, surface-mount-technology (SMT) machines, semiconductor equipment, rotating equipment, and “the list just keeps going,” he said in an email interview.

Avnet’s Lutostanski said: “Microsoft is [bringing] together an end-to-end solution they can control from the hardware and software standpoint. This is one of several different products in [Avnet’s] security portfolio, and it’s by far the most complete security solution we can offer.”

While much was made in news coverage about the announcement of Microsoft’s use of Linux and not Windows, Forrester’s Miller said the operating system choice “makes total sense,” pointing out that nearly one in three Azure virtual machines is Linux-based.

“Microsoft has been on this journey for a very long time,” Miller said.