Wind River today announced it has acquired Star Lab to enable customers to secure embedded systems running Linux. Terms of the deal were not disclosed, and Star Lab will continue to operate as a subsidiary of Wind River.
As more devices running Linux are connected to the internet, Wind River CEO Jim Douglas said a more systems-level approach to securing those devices is now required.
Star Lab CEO Irby Thompson said Star Lab provides that capability via its security suite, an instance of an open source hypervisor based on the Xen project and a secure boot solution that hardens the Linux operating system in a way that secures the booting process to make platforms resistant to tampering. The Star Lab approach assumes adversaries have compromised devices at a root level, so in addition to making it more difficult to tamper with the device, Star Lab makes sure it’s not possible to take over an entire platform, he said.
Wind River’s decision to acquire Star Lab is driven in part by rising interest in applying best DevSecOps processes to the development of internet of things (IoT) applications, Thompson noted. It may be a few years before DevSecOps is pervasive, but early indications suggest that transition is all but inevitable, he said. Rather than trying to secure IoT applications and devices after they are deployed, many organizations are looking to proactively secure IoT platforms that will connect to corporate networks, especially now that 5G wireless networks are becoming available.
Previously, Douglas added, securing embedded systems was not a major concern because connectivity was either nonexistent or curtailed.
The biggest issue organizations are encountering now is a tendency to address cybersecurity as each device and application is connected to the network rather than pursuing a more comprehensive approach to IoT security at scale, Douglas said. As awareness of that issue rises, he noted, IT leaders are getting more involved in IoT platform decisions.
Douglas said long-term Wind River will continue to partner with other vendors that are focused on securing, for example, physical access to IoT devices. Wind River doesn’t expect to go on any major cybersecurity acquisition sprees, given the high valuations many of the startups in this space currently have, he said.
It’s not clear whether, or how much, cybersecurity concerns are slowing IoT deployments. Any concerns about cybersecurity appear to be trumped by perceived gains in productivity that warrant any potential risk. Naturally, there’s never going to be anything approaching perfect security. However, an IoT breach doesn’t have to be a catastrophic event, assuming the right platforms and controls are in place.
The good news from a cybersecurity perspective is the gap between deploying new classes of IoT devices and securing them does not appear to be as wide as it was for previous generations of new platforms. In fact, as more high-profile cybersecurity incidents involving IoT consumer devices are disclosed, the more apparent it becomes that IoT solutions aimed at business-to-business (B2B) use cases are just as vulnerable.