Microsoft includes IoT devices under its Secured-core program

Addressing security concerns associated with the growing momentum for edge computing, Microsoft is making its Edge Secured-core program for Windows-based IoT devices generally available.

Added as a new certification under the Azure Certified Device program, Edge Secured-core is for IoT devices running a full operating system, such as Windows 10 IoT or Linux. While support for Windows 10 IoT is generally available, it is still in preview for Linux.

IoT devices at the network edge pose an enormous security challenge. Networks of  IoT devices, transmitting data back to enterprise systems for analysis, have multiple points of weakness.

Citing an in-house study conducted in collaboration with Poneman Institute, Charles Broadfoot, senior program manager at Microsoft, said in a blog post that about 65% of companies adopting IoT solutions mentioned edge security as their topmost priority. Devices that are targeted in IoT attacks can be bricked, held for ransom, or exploited to launch further attacks.

The common attacks associated with the IoT devices include stolen IP, data theft, and compromised regulatory status, Broadfoot added.

What does an Edge Secured-core device include?

To meet security requirements for IoT devices, Edge Secured-core certified devices will address issues such as device identity, secure boot, operating system hardening, device updates, data protection, and vulnerability disclosures.

Additionally, an Edge Secured-core device will require OEMs to supply device updates for a period of at least 60 month. Other device requirements include support for modern protocols and algorithms to protect data at rest and in transit.

The certification, apart from validating a hardware device for specific security hardware technology, will ensure users that they are running an operating system with built-in security and the use of continuous threat monitoring with IoT services such as Microsoft Defender for IoT.

Edge Secured-core will provide IoT device makers with an easy, low-cost differentiator enabling customers to identify high-security configurations on their devices, according to Broadfoot.

Microsoft’s Secured-core concept expands

Microsoft first introduced the Secured-core concept in 2019 in an effort to match Apple’s control over its own hardware and operating systems. Within this initiative, Microsoft partnered up with Windows PC makers to gain some control over hardware security, and have a say in how devices could stop attacks from exploiting firmware dominance over the Windows kernel.

Later in 2021, Microsoft expanded the program to include Windows servers and Azure stack hyperconverged infrastructure (HCI) servers. Various server products from vendors including Dell, HPE, Lenovo, AMD, and NEC--which ran Windows Server 2016, 2019, and 2022 versions--received Secured-core approval.

Secured-core was not designed to be included as branding on the PCs, but only to certify security for non-Microsoft hardware running Windows. Microsoft has listed devices, including edge and non-edge machines, that are part of the program in its Azure Certified Device catalog.