Nearly every connected device we use today–from routers and sensors to security cameras and controllers in the cars–has a NOR flash memory chip inside—a type of nonvolatile memory used for storage. Today, many NOR memory vendors are seeing the biggest growth come from embedded applications in new markets such as automotive, industrial, medical, and Internet of Things (IoT). Still, the NOR flash market will face a few challenging years ahead, as the vendors vie for a piece of the pie and learn to scale up for these new markets.
In each of these new markets, there are potentially billions of connected edge devices that will ultimately make up society’s crucial infrastructure. But the standard device protection methods, such as intrusion detection application, access control, and network protection, don’t apply to these edge devices. For one, most are in the public domain and, therefore, can be physically accessed by the outside world; this makes network protection weak, as it’s impossible to identify all entry points to an IoT edge device. And devices that aren’t physically accessible are still at risk, too, as they don’t have the computational processing power for sophisticated security application. This means that today’s device security is dependent on the CPU to protect against multiple vectors of attack and adapt to a dynamic environment that introduces new risks all the time. In many cases, a security breach comes from simple oversight by the manufacturer or the user.
With the recent known attacks on IoT devices and automotive, a new approach is needed to protect these connected devices without depending on the integrity of the CPU controlling it.
Securing the Flash
Security features in memory aren’t new, of course. Memory vendors have seen the customer demand for security embedded into devices. They’ve recognized the need to protect the memory and the value of offering device security features, and they know that managing and protecting IoT devices are some of the biggest challenges to deploying IoT and realizing business value from those deployments. The question is not only where that security will be integrated, but how it will be managed, especially in embedded memories that are expected to remain in a device for years, possibly decades. However, memory vendors have struggled to enable an end-to-end solution that would allow remote access and control after the initial sale, i.e. offer security and then monetize it. NanoLock has created this opportunity.
Using virtually zero computing and power resources and no increase in cost, NanoLock Security provides the industry’s only lightweight, powerful, low-cost security solution for protecting and controlling connected edge devices from the cloud to the flash. NanoLock Security protects firmware and sensitive information stored on connected IoT devices, preventing attacks ranging from ransomware to malicious manipulation of stored code. What’s more, NanoLock’s Management of Things platform (MoT) gives organizations deploying this solution the ability to, monitor, control, get alerts on prevented attacks, and securely update IoT devices. NanoLock’s unique cost structure is a pay-per-device cost structure that shifts the security expenses from CAPEX to OPEX, alleviating the burden of security expenditures upfront. Memory vendors who have partnered with NanoLock receive an upsale on top of the flash device sale, giving them additional revenue and relationships with NanoLock’s customers beyond one-time sales.
New Revenue Streams
This approach allows the flash memory vendors to see a new revenue stream.
Memory vendors who have partnered with NanoLock receive a share of that per-device income, giving them additional revenue and relationships with NanoLock’s customers beyond one-time sales. Today, memory vendors’ main customers are the end-device manufacturer or the ODM, but through a partnership with NanoLock, memory vendors become a partner in the sales process with the end-user of these devices: the OEM building new cars; the system integrator designing an industrial factory automation system; or the telco.
NanoLock has partnered with more than 80 percent of the NOR Flash Memory Market, including Cypress, Micron, and Winbond, with more in the pipeline. By partnering with NanoLock, the flash memory vendors can offer their customers—like operators and OEMs—embedded security at the device level that extends to the cloud. Their customers can leverage standard silicon trust anchors built into the flash memory to enhance firmware authentication and integrity of connected edge devices. NanoLock believes that securing the flash memory is the most fundamental aspect of device-to-cloud security protection because it can secure a device when all other methods fail. With the root of trust built into the memory, the device remains secure even if the processor or the network are hacked.
Together with these memory vendors, we’re all able to ensure the IoT devices are fully protected and managed, effectively eliminating the vulnerabilities in IoT systems and preventing large-scale cyberattacks.