Director of Product Management, Secure Thingz
Clive Watts is Director, Product Management at Secure Thingz Ltd. delivering secure deployment solutions for the IoT market. He has over 20 years of experience in the product management of embedded products with previous roles at Arm and Cambridge Silicon Radio (now Qualcomm) as well as other Cambridge companies. He has a B. Sc. in Computing & Electronics from the University of Durham, UK and has recently been awarded an MBA in Technology Management from the Open University, UK.
Planning for the protection of your product IP throughout the volume curve
The IoT market is gradually realising that security is essential and that trying to add it in after a product has been designed is a costly and often ineffective approach. Consequently, more and OEMs are building security in from project inception. The intellectual property (IP) is application software is too valuable to be left unprotected.
It’s tempting to reach for the most convenient tools to hand which offer secure programming during development. Often these are bundled with other development and free, so what’s not to like, right? These tools may be sufficient protection during code development but at some point you’re going to have to let the application out of the lab and into the big wide world. Now what? OK – the next step is just to get a few boards made up and programmed in the lab downstairs. The guys down there probably have the same tools and you can trust them, right?
But now the lab’s overloaded, the clock is ticking and the market window hasn’t moved an inch so you turn to an external contractor for help. Do they have the same tools? How securely are they going to hold your IP? Can you really trust them? So, you give them the same tools as you have and head down the road to supervise those 20 samples you need. No problem
Prototyping done – check. First article – done. Now it’s time for your first batch volume production. Now where are you going to go? Certainly not the lab downstairs and the local contractor can’t handle the quantity you’re looking for. It’s going to have to be a contract manufacturer overseas, but they don’t have a secure programming solution that works at scale. So, what’s next?
Finally, it’s time to move on to the next product development – secure, of course. But the device you used last time round is no longer suitable as a different I/O mix is specified. Great, you’ve found the right device but from a different semi. That’s a headache because the security features are different and the secure programming tools are completely different. And you’ll have to go through all that pain with the contract manufacturer again. Nightmare.
This presentation considers how planning your security strategy for your product’s complete lifecycle and addressing the challenge of multiple vendors from the outset, can help you sleep better at night.