This article originally appeared in the Summer 2023 edition of United States Cybersecurity Magazine.
When we hear the term “IoT”, we immediately think of innovation, cutting edge, or a new way of doing things. We think about home automation, computer vision, smart watches, and driverless cars. When you stop to consider the endless ways IoT has modernized daily life and business, it’s pretty astounding. So why then is the process for developing and testing IoT device software stuck in the past?
Today the software development and testing process for IoT, broadly speaking, relies upon tools and methods from twenty years ago. The work is done on physical devices, racks of them in a lab, often involving highly manual operations. Standards for cybersecurity testing are also lacking. And, the SDLC (software development life cycle) process is very linear, with software developers waiting on physical device delivery from hardware engineering teams.
This last-gen process for IoT device development, where time-to-market and security concerns lie in opposition, is in need for reinvention.
IoT Device Development Is Growing in Complexity
There are several factors that are driving the need to change the SDLC process for the next generation of smart devices:
- System complexity: Early IoT devices were fairly simple in their computing needs. But today what seems to be a simple IoT solution is often composed of multiple edge and backend systems, layered subsystems, and with components often manufactured by multiple vendors. Take cars for instance, with 20+ processor-based subsystems, and their integration with 3rd party hardware and software, including smart phones and communication grids. Basic matrix testing to ensure seamless operation is already challenging, let alone worrying about the vast attack surface automotive systems and interfaces expose.
- Cyber security: IoT has expanded the security attack surface and created ever greater opportunities for errors, vulnerabilities, and intrusion. This dimension has rightly been highlighted as the most critical challenge for R&D teams. Testing systems and across systems, with varying software revisions and patches, is exponentially complicated by the physical hardware nature of IoT.
The Move to Arm and the Edge
Most IoT devices today are based upon the Arm processor architecture (as opposed to x86 processors found in servers and desktops). As IoT devices get more pervasive, and streaming all of the data they generate to cloud datacenters gets more cumbersome, a need for computing horsepower at the edge, on the IoT devices themselves, intensifies. Gartner estimates that by 2025, 75% of data will be processed at the edge, outside of centralized data centers. So the time for reinvention of more powerful, Arm-based IoT hardware and software development is now.
Device Virtualization to the Rescue
Clearly the tectonic shifts in IoT pervasiveness, complexity, and security risk means the old way of developing software for these devices has to change.
Adding virtualization to IoT DevOps is the key, and it’s surprising that it’s taken this long. For decades, virtualization technology use for servers and desktops has been mainstream for software development and testing. But where has it been for IoT – for mobile phones, cameras, routers, and for all edge computing smart devices?
The answer lies with the ability to create virtual software models of them. The technology, called a hypervisor, for Arm processor-based hardware, is finally here. It enables the creation of virtual versions of device hardware – from phones to IoT devices – for nearly unlimited R&D applications. Imagine replacing physical device labs and manual processes with virtual devices and automated processes.
DevOps for Mobile and IoT Software Development Is Forever Changed
Faster and more efficient DevSecOps becomes a reality when virtual hardware is inserted into the CI/CD workflow.
- Instant time-to-value through simplified developer, security and test team onboarding without the time, costs, and risks associated with procuring and shipping physical devices.
- Single platform efficiency for both iOS and Android devices, or both IoT devices and their companion mobile apps.
- Comprehensive matrix testing across near limitless device hardware and software combinations that are spun up on-demand.
- Faster testing cycles through Arm-native server performance as compared to running tests on less powerful edge device hardware.
- More powerful security testing made possible by Arm-native virtualization and full access to firmware, file, system, data, and network layers.
- Better and faster collaboration between developer, security, and testing teams through simplified snapshot, restore, and cloning functionality afforded by going virtual.
- Significantly lower costs by eliminating wide arrays of hardware and software procurement, lab maintenance personnel, and slow downs caused by device unavailability.
The shift from physical to virtual that occurred in the datacenter decades ago, radically changing server software R&D, has now come to the IoT and smart device edge.
Learn more about IoT device DevOps with Corellium.
Keep reading
Mobile Vulnerabilities Exposed: Data in Transit
Deep Dive into Experimenting with Messaging App Vulnerabilities
