On Target: Embedded Systems

With Black Hat 2012 in Las Vegas wrapping up late last week, security has been top-of-mind for many within the embedded systems industry and beyond. As we’ve discussed in several recent blog entries, the growing connectivity/interconnectivity requirements of embedded devices have begun to raise the awareness of OEMs with regard to the need for improved security. However, they often remain unsure of how best to address these requirements, and in many cases fail to address them at all.

Preliminary data from our 2012 Embedded Engineering Survey not only reinforces this reality, but also sheds some additional light onto this phenomenon as it pertains to specific vertical markets. According to our data, the greatest disparity between importance and action exists in mobile phones and automotive applications – two areas which have only somewhat recently become the targets of malicious attacks and other security breaches. While the security of mobile phones has been increasingly addressed in BYOD environments by enterprise IT departments, the automotive industry has been slower to change, with the performance of automotive ECUs from a safety-critical perspective often taking precedence over security concerns. While the gap is smaller for military/aerospace and medical devices (heavily regulated industries that are somewhat predisposed to managing security concerns), there is still a significant portion of engineers in these areas who recognize the importance of security but have yet to do anything about it.

VDC believes these disparities represent a significant business opportunity for vendors of embedded security solutions – as well as for enterprise/IT security solutions vendors looking to expand into the embedded space – as the momentum behind security drives engineering organizations to more aggressively combat security issues. This of course includes vendors such as Icon Labs, McAfee, Mocana, Qualsys, Symantec, Valid Edge, and many others. Furthermore, we also believe there exists a similar opportunity for traditional embedded software suppliers – Coverity, GrammaTech, Green Hills Software, Klocwork, LynuxWorks, SYSGO, Wind River, etc. – whose products are particularly focused on addressing security concerns.

Over the next several quarters, VDC will be exploring these security trends and potential business opportunities as part of our new Voice of the Customer research program: Security & The Internet of Things. This program will provide OEMs, IT managers, and operators alike with the information they need to develop and implement robust security strategies to address the challenges posed by today’s Internet of Things. Please contact us for further information.