After several years of building and testing previews, Microsoft on Monday announced the general availability of its Azure Sphere secure IoT service.
Microsoft first introduced Azure Sphere in 2018, opting to use its own version of a Linux operating system instead of Windows 10 to drive its new Azure Sphere OS to securely connect Internet of Things devices.
Azure Sphere is a platform connecting microcontroller units embedded within IoT devices. The platform operates a new MCU crossover class that combines both real-time and application processors with built-in Microsoft security technology and connectivity.
Each chip includes custom silicon security technology Microsoft developed. Azure Sphere leverages a custom Linux-based kernel. The kernel runs in supervisor mode, along with a boot loader, and is tuned for the flash and RAM capabilities of the Azure Sphere MCU.
Security is one of the leading barriers to expanding IoT adoption safely. Microsoft hopes to lock down IoT device security with its cloud-based delivery solution. The company sees its mission as empowering organizations to create and connect secure, trustworthy IoT devices in order to encourage innovation.
The number of connected devices is expected to reach 20 billion units this year. Microsoft expects IoT adoption to accelerate to provide connectivity to hundreds of billions of devices. Such massive growth would increase the risks for unsecured devices.
General availability for Azure IoT is good news for the industry as enterprises will be most comfortable with platforms from companies like Microsoft, VMware and AWS, according to Patrick Moorhead, principal analyst at Moor Insights & Strategy.
“The Azure folks need to make sure that its message of cross-platform and cross-vendor become true,” he told LinuxInsider.
Getting Ahead of the Curve
Microsoft announced Azure Sphere two years ago as a program to improve security for the 41.6 billion Internet for things devices IDC expected to be connected to the Internet by 2025.
This week’s announcement demonstrates that the company is ready to fulfill that promise at scale, noted Halina McMaster, principal group program manager for Microsoft’s Azure division.
First, Azure Sphere software and hardware have completed rigorous quality and security reviews. Second, Microsoft’s security service is ready to support organizations of any size. Third, operations and security processes are in place and ready for scale, McMaster said.
“General availability means that we are ready to put the full power of Microsoft behind securing every Azure Sphere device,” she noted.
The general availability marks an opportunity for Microsoft to release a new product that addresses crucial and unmet needs as well as a new technology category to the Microsoft family, to the IoT market and to the security landscape, McMaster said.
Testing Potential Significance
The significance of the new technology is not clear at this point, but a major vendor that enters a still emerging market often can help speed the evolution of new products and services, according to Charles King, principal analyst at Pund-IT.
“With Azure Sphere for IoT, Microsoft has identified and plans to address significant security issues that can restrain companies’ interest in or willingness to deploy IoT solutions. If it works as advertised, Microsoft’s offering could help boost IoT beyond pilot and experimental efforts,” he told LinuxInsider.
By offering an IoT security solution tied to cloud services, Microsoft aims to make it easier for IoT companies to develop commercial solutions that customers will find attractive. In a way, Azure Sphere for IoT is mainly about reducing the friction and impediments of security concerns that dog IoT, King said.
Important Step Forward
Services such as Azure Sphere are a step in the right direction. They simplify the implementation of architecturally complex security tasks through a tightly integrated stack, noted Jack Mannino, CEO of nVisium.
“With the vast amount of services and components within IoT products and their supply chain, this helps development teams establish a secure foundation before addressing other security flaws within their design,” he told LinuxInsider.
Often, engineering teams will ship products without fully understanding the security impact of their design decisions or integrations, Mannino explained. So it is important to provide secure defaults and baseline security to build devices that will withstand the test of time when deployed in the field.
How It Works
Azure Sphere is a security system that protects IoT devices over time using its four-part system. One of its chief components is a new technology — the Azure Sphere-certified chips — that go into every device. Every Azure Sphere chip includes built-in Microsoft security technology to provide a dependable hardware root of trust and advanced security measures to guard against attacks.
A second essential component is the Azure Sphere operating system itself. This is based on a Linux distribution developed by Microsoft that runs on the chips. The Azure Sphere OS is designed to limit the potential reach of an attack and to make it possible to restore the health of the device if it’s ever compromised. It is a continually updated OS, proactively adding new and emerging protections.
The third component is Microsoft’s cloud-based Azure Sphere Security Service. This service reaches out and guards every Azure Sphere device. It brokers trust for device-to-cloud and device-to-device communication, monitors the Azure Sphere ecosystem to detect emerging threats, and provides a pipe for delivering application and OS updates to each device.
A fourth component of Azure Sphere is the support team and its members’ security expertise. The team provides ongoing security monitoring of Azure Sphere devices and the full ecosystem.
Altogether, these layers of security prevent any single point of failure that could leave a device vulnerable, according to Microsoft.
Complex, Not Complicated
Microsoft built its Azure security system around seven properties that every IoT device must have in order to be secured. It states a clear view of what IoT security requires, McMaster said.
These properties clearly outline the requirements for an IoT device with multiple layers of protection and continually improving security, she pointed out.
“Complex doesn’t mean complicated,” McMaster remarked.
The seven properties: Hardware-based Root of Trust, Small Trusted Computing Base, Defense in Depth, Compartmentalization, Certificate-based Authentication, Renewable Security and Failure Reporting.
Any organization can use the seven properties as a roadmap for device security, McMaster said, but Azure Sphere is designed to give Microsoft’s customers a fast track to secured IoT deployments by having all seven properties built-in.
It makes achieving layered, renewable security for connected devices an easy, affordable, no-compromise decision, she added.
Microsoft will open sign-up opportunities for eligible customers soon. Azure Sphere does not have ongoing fees associated with its use.
Customers will pay a one-time cost for a chip (as little as about US$8.65) that includes access to all of Sphere’s components. The cost includes operating system updates for the lifetime of the chip.
Alternatively, developers can license Visual Studio and Microsoft’s Azure IoT services to develop apps for Sphere more efficiently, according to Microsoft.
It is arguable that the presence of major vendors such as Microsoft can reduce or restrict innovation in emerging markets like IoT security, noted Pund-IT’s King. To its credit, Microsoft has become a far more agile and inventive organization under Satya Nadella’s leadership, so this issue may be minimized.
Clearly, Microsoft’s shift to Linux over Windows 10 can be disruptive or innovating.
“Certainly, it is difficult to imagine a similar effort (including the development of a Linux-based microcontroller OS) occurring under Microsoft’s previous leadership,” King observed.
The Linux kernel provides a surface for preemptable process execution, and the driver model exposes MCU peripherals to OS services and applications, he previously pointed out, noting that its relative lightness and ability to support targeted processes make Linux a great choice for Azure Sphere.