The Internet of Things (IoT) is very much a modern Wild West. Devices are connected to networks without considering security, offering bad actors a tempting gateway into your systems. What’s more, those devices are rarely updated, running the same insecure firmware as the day they were deployed. That makes it a matter of when, not if, you get compromised.
How can we secure devices and make sure they stay secure? That’s where Azure Sphere — Microsoft’s defence-in-depth IoT platform that mixes hardware, software, and the cloud to protect your devices and your network — comes in. Initially announced in May 2018, Azure Sphere has finally reached general availability, with hardware and software ready for use.
Start with the silicon
At the heart of Azure Sphere is a hardened Arm-based microcontroller, designed to deliver what Microsoft calls “the seven properties of highly secured devices”. These are a hardware-based root of trust, defence in depth, a small trusted computing base, dynamic compartmentalisation, certificate-based authentication, error reporting, and renewable security. Taking an opinionated approach to hardware and software design like this is sensible, as it ensures that everyone using Azure Sphere is on the same page and is using the same security model.
The first Azure Sphere-certified microcontroller is MediaTek’s MT3620. Based on Arm’s Cortex-A7 design, it’s a powerful enough chip to run a Linux-based operating system. That does mean it’s not the cheapest device on the market — more Raspberry Pi than Arduino. Microsoft has announced additional hardware from NXP and Qualcomm, giving you a choice of vendors and microcontrollers with different capabilities — NXP adds AI and graphics support, while Qualcomm adds cellular connectivity.