Wind River Acquires Star Lab for IoT Security

Wind River today announced it has acquired Star Lab to enable customers to secure embedded systems running Linux. Terms of the deal were not disclosed, and Star Lab will continue to operate as a subsidiary of Wind River.

As more devices running Linux are connected to the internet, Wind River CEO Jim Douglas said a more systems-level approach to securing those devices is now required.

Star Lab CEO Irby Thompson said Star Lab provides that capability via its security suite, an instance of an open source hypervisor based on the Xen project and a secure boot solution that hardens the Linux operating system in a way that secures the booting process to make platforms resistant to tampering. The Star Lab approach assumes adversaries have compromised devices at a root level, so in addition to making it more difficult to tamper with the device, Star Lab makes sure it’s not possible to take over an entire platform, he said.

Wind River’s decision to acquire Star Lab is driven in part by rising interest in applying best DevSecOps processes to the development of internet of things (IoT) applications, Thompson noted. It may be a few years before DevSecOps is pervasive, but early indications suggest that transition is all but inevitable, he said. Rather than trying to secure IoT applications and devices after they are deployed, many organizations are looking to proactively secure IoT platforms that will connect to corporate networks, especially now that 5G wireless networks are coming available.

Previously, Douglas added, interest in securing embedded systems was not a major concern because connectivity was either nonexistent or curtailed.

The biggest issue organizations are encountering now is a tendency to address cybersecurity as each device and application is connected to the network rather than pursuing a more comprehensive approach to IoT security at scale, Douglas said. As awareness of that issue rises, he noted, IT leaders are getting more involved in IoT platform decisions.

Douglas said long-term Wind River will continue to partner with other vendors that are focused on securing, for example, physical access to IoT devices. Wind River doesn’t expect to go on any major cybersecurity acquisition sprees, given the high valuations many of the startups in this space currently have, he said.

It’s not clear to whether or how much cybersecurity concerns are slowing IoT deployments. Any concerns about cybersecurity appear to be trumped by perceived gains in productivity that warrant any potential risk. Naturally, there’s never going to be anything approaching perfect security. However, an IoT breach doesn’t have to be a catastrophic event, assuming the rights platforms and controls are in place.

The good news from a cybersecurity perspective is the gap between deploying new classes of IoT devices and securing them does not appear to be as wide as previous generations of new platforms. In fact, as more high-profile cybersecurity incidents involving IoT consumer devices are disclosed, the more apparent it becomes IoT solutions aimed at business-to-business (B2B) use cases are just as vulnerable.

Michael Vizard

Featured eBook
Managing the AppSec Toolstack

Managing the AppSec Toolstack

The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking  more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now ... Read More
Security Boulevard
Avatar photo

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

mike-vizard has 508 posts and counting.See all posts by mike-vizard