Embedded system products are often deployed by IT managers struggling with a longstanding tradeoff: Should you sacrifice IT performance to make IT more secure?
The performance-or-security tradeoff has been the subject of technology research and industry analysis for many years. The analysis often focuses on issues like network performance or business application performance and how security measures may impede or otherwise affect throughput or access. But IT managers in an enterprise frankly don’t have much room to maneuver when it comes to the tradeoff. If a system, network or application isn’t performing in a way that users expect and find easy to use, it might as well not be deployed at all.
And, in fact, concerns over whether a particular system can be deployed with adequate security cause slower adoption of technologies that could have tremendous potential benefits for enterprises. For example, security concerns are often cited as one of the reasons that cloud computing and storage saw slower adoption than expected by many IT industry observers.
If you bring embedded system products to market, these concerns can have a direct impact on the market uptake for your products. In fact, embedded system security is a chief area of research and development for organizations that value security very highly, such as military applications.
Managing the tradeoffs
You could liken the tradeoff between security and performance to a car that will go 100 miles per hour, but only if you are not wearing a seatbelt.
In some industries, just getting a new system up and running with optimum performance may be the chief concern of an IT manager. The expectation is that basic security hygiene will be in place: confidentiality and integrity of important data are assured, and access controls and user credentialing can be enforced.
But many companies operate in industries with critical security requirements. Healthcare enterprises in many countries are bound by law to protect patient data. Financial services companies must meet industry standards and legal requirements around protecting customer data and financial transactions. Public utilities must protect the delivery of essential services.
For these types of operations, security often outweighs the need for performance, to the point that some companies become slower adopters of certain types of IT products and services until security best practices are clearly defined.
These organizations will often engage in penetration testing and might hire external security testing consultants to conduct vulnerability scanning of their systems. Such security risk assessments are conducted on a regular basis across all types of systems and applications to ensure a security vulnerability does not put the enterprise at risk of a breach.
Embedded system security for highly secure applications
It’s been said in security circles that the good guys need to get it right every time, but the bad guys need to get it right only once.
That means that a security manager can take every reasonable precaution and be constantly diligent. But if he or she fails even once to update a system with a patch, that opening might be all an attacker needs to get a toehold in the enterprise systems.
That’s why a device intended for deployment in a security-conscious enterprise must be designed with security as a primary goal, and that security posture must be easy to maintain over time.
Our focus on embedded Linux security, Internet of Things device security and embedded system security for open source software has enabled us to help device makers across a range of industries to bring more secure products to market.
Our Secure by Design offering includes device security auditing, which assists you with hardening devices and limiting the damage an attacker could do if they succeed in compromising the system.
Our Stay Secure offering includes a monitoring and notification service that helps to streamline patch management, track Common Vulnerabilities and Exposures (CVEs) that affect your device, and make updates more efficient.
Contact us to learn more about our TRST (Threat Resistance Security Technology) Product Protection Solutions that will help you to bring more secure products to market faster.
About Timesys
Timesys has extensive experience with embedded system development and lifecycle management. Timesys has been instrumental in working with leading global semiconductor manufacturers, providing smart, quick and quality solutions for highly complex systems with accelerated product innovation and multiple product variants.