As you can see from the statistics shown here collected in our 2011 Embedded System Engineering Survey, security is becoming top of mind at many engineering organizations. Not only are more and more devices becoming connected to each other and the enterprise over the embedded cloud, but their software functionality is representing more value to end users and, in many cases, its compromise or failure can result can significant financial liabilities for OEMs.
The larger question is what does this so called importance actually mean to embedded engineering organizations and does it translate to the implementation of development practices that can actually reduce risk?
Although we believe that the impact of security on embedded device development is still in a relatively nascent state, we do not want you to take this to mean that OEMs aren’t doing anything about it. Security requirements and mitigation processes are already well established within a number of embedded industries as well as within a number of individual engineering organizations. However, there is not much comfort in the fact that although 70% of developers say security is important to their current projects, only 35% of engineers are confident their projects satisfy security requirements. Additionally, while it is not shown on this chart, 25% of the engineers we surveyed reported that no proactive steps were being taken to actually limit the security issues.
So what can OEMs do? Embedded engineers can look to any number of solutions to help improve the status quo, whether it’s operating systems, hypervisors, semiconductor IP, or test tools among others.
Whereas there are a number of different technologies that can be used to help address or limit security issues, however - it is important to remember that there is no one silver bullet. In fact, we believe that the growing sophistication and complexity of embedded and mobile devices is making it increasingly critical for OEMs to look to use a range of the different available technologies as well as to institutionalize the supporting processes and best practices to ensure their efficacy. As a result, we recommend that the supplier community likewise works to not only drive awareness of their own solutions’ utility in addressing security issues, but also to maintain and or enhance their investments in partnerships and integrations intended to support security-focused initiatives.
VDC is investigating the trends around embedded security in even greater detail over the course of 2012. What do you think is the most important technological or business factor that OEMs should consider in order to improve the security of their next generation designs?