UPDATED 22:11 EDT / APRIL 16 2018

Microsoft doubles down on IoT security with Azure Sphere service

Microsoft Corp. is expanding its push into silicon chips as part of its new Azure Sphere service that combines a security chip design, a cloud service and — perhaps surprisingly for the creator of Windows — a Linux-based operating system to secure billions of “internet of things” devices.

The company today announced Azure Sphere during the security-focused RSA Conference taking place in San Francisco most of this week. Taking to the stage was Microsoft President Brad Smith, who explained the initiative is based on the capabilities of its new, partner-built microcontroller devices that come with custom silicon to create a hardware “root of trust,” which is a set of functions that’s always trusted by the operating system.

“In a world where everything is connected, anything can be disrupted,” Smith told the audience during his keynote. “We need to put security first.”

The Azure Sphere Certified Microcontrollers, as they’re called, were designed by Microsoft Research. The MCUs will be licensed royalty-free to a number of the company’s silicon manufacturing partners, the company said. They’ll come with built-in connectivity, networking and security subsystems that are built specifically to secure IoT devices.

The first of these chips, called the MT3620, will be made by Taiwan-based MediaTek Inc. and should hit the market later this year. The chip will also be compatible with services from Amazon Web Services, Google Cloud, Oracle Cloud and other competitors, Smith said.

“Enterprises are looking for end-to-end solutions without a hard lock-in,” said Patrick Moorhead, president and principal analyst at Moor Insights & Strategy. “This is what Azure Sphere promises and it differentiates the offering. Others can piece-part solutions, but this is unique.”

Smith didn’t have much to say about the specifics of the new chip other than to say it would pack “five times” as much processing power as those currently on the market. However, there are more details about the chip’s architecture on this page, which states it “combines the versatility and power of an [ARM] Cortex-A processor with the low overhead and real-time guarantees of a [ARM] Cortex-M class processor.” The MT3620 chips also feature a “Pluton” security system that creates a hardware root of trust, stores private keys and can even handle cryptographic operations, the page says.

The chips are designed to work alongside a newly created operating system for IoT devices. Intriguingly, Microsoft decided that its Azure Sphere OS would be more useful if it were based on Linux rather than Windows.

“We’re a Windows company, but what we recognized is that the best solution for a computer of this size in a toy is not a full-blown version of Windows,” Smith said. “It’s a custom Linux Kernel, and it’s an important step for us and the industry.”

Azure Sphere OS also comes with a security monitor for “in-depth” defense, offering multiple layers of security, Smith said.

The third and final piece of the puzzle is the cloud-based Azure Sphere Security Service, which performs tasks such as certificate-based authentication for device-to-cloud and device-to-device communications. The service also takes care of software updates and scans devices across ecosystems for threat-detection purposes.

Smith didn’t say much about why Microsoft was introducing Azure Sphere now, but the reason seems clear enough. It will provide the company with the opportunity to get its technology into billions of devices sold by other companies.

“Microsoft is covering all the IoT security bases with its engineered approach, but to make an impact in the market it must have consumer scale behind it,” said Peter Burris, general manager and chief research officer at Wikibon, an analyst firm owned by the same company as SiliconANGLE. “[However] Microsoft better understands how to scale a software business model better than any company on the planet, and so Microsoft Sphere absolutely is a credible entry in the race to solve IoT security at commercial scale.”

Burris did question whether device makers and software developers would be willing to integrate Microsoft’s technology into their products, given its historic propensity to keep much of the profits for itself. “Without pricing and a bit of understanding about the business model it’s hard to answer that question,” he said.

It’s also debatable if device makers would be willing to entertain using Microsoft’s new operating system, another analyst said. Chenxi Wang, founder of the Jane Bond Project, an independent security research and advisory firm, said she believes that any security system for IoT devices shouldn’t require a custom OS because most devices already use a cheaper version.

“Microsoft Sphere can do nothing for them,” Wang said. “If we are serious about solving the IoT security problem, we must engineer a solution that can handle devices that run on commodity hardware, with a commodity OS and open source software.”

Still, Microsoft seems to have lined up a couple of product partnerships at least. The refrigerator maker SubZero Freezer Co. Inc. and consumer appliance manufacturer Glen Dimplex Group both expressed enthusiasm for the idea.

“The work Microsoft is doing with Azure Sphere uniquely addresses the security challenges of the connected microcontrollers shipping in billions of devices every year,” said Glen Dimplex deputy chairman Neil Naughton. “We look forward to integrating Azure Sphere into our product lines later this year.”

Microsoft said Azure Sphere is now available in private preview. Software development kits will be made available by the middle of the year, with the first batch of Azure Sphere-protected devices set to go on sale by year-end.

The Azure Sphere microcontrollers weren’t the only chip-based security solution announced Monday. Intel said it’s planning to offload virus scanners’ work to its graphics chipsets to prevent slowdowns in central processing units. Microsoft itself, an initial partner, will integrate Intel’s Accelerated Memory Scanning into Windows Defender Advanced Threat Protection’s antivirus capability.

With reporting from Robert Hof

Image: Microsoft
