The Edge Secured-core program is designed to validate IoT devices for specific security hardware technology, and ensure users that they are running an OS with built-in security technology. Credit: Metamorworks / Getty Images Addressing security concerns associated with the growing momentum for edge computing, Microsoft is making its Edge Secured-core program for Windows-based IoT devices generally available. Added as a new certification under the Azure Certified Device program, Edge Secured-core is for IoT devices running a full operating system, such as Windows 10 IoT or Linux. While support for Windows 10 IoT is generally available, it is still in preview for Linux. IoT devices at the network edge pose an enormous security challenge. Networks of IoT devices, transmitting data back to enterprise systems for analysis, have multiple points of weakness. Citing an in-house study conducted in collaboration with Poneman Institute, Charles Broadfoot, senior program manager at Microsoft, said in a blog post that about 65% of companies adopting IoT solutions mentioned edge security as their topmost priority. Devices that are targeted in IoT attacks can be bricked, held for ransom, or exploited to launch further attacks. The common attacks associated with the IoT devices include stolen IP, data theft, and compromised regulatory status, Broadfoot added. What does an Edge Secured-core device include? To meet security requirements for IoT devices, Edge Secured-core certified devices will address issues such as device identity, secure boot, operating system hardening, device updates, data protection, and vulnerability disclosures. Additionally, an Edge Secured-core device will require OEMs to supply device updates for a period of at least 60 month. Other device requirements include support for modern protocols and algorithms to protect data at rest and in transit. The certification, apart from validating a hardware device for specific security hardware technology, will ensure users that they are running an operating system with built-in security and the use of continuous threat monitoring with IoT services such as Microsoft Defender for IoT. Edge Secured-core will provide IoT device makers with an easy, low-cost differentiator enabling customers to identify high-security configurations on their devices, according to Broadfoot. Microsoft’s Secured-core concept expands Microsoft first introduced the Secured-core concept in 2019 in an effort to match Apple’s control over its own hardware and operating systems. Within this initiative, Microsoft partnered up with Windows PC makers to gain some control over hardware security, and have a say in how devices could stop attacks from exploiting firmware dominance over the Windows kernel. Later in 2021, Microsoft expanded the program to include Windows servers and Azure stack hyperconverged infrastructure (HCI) servers. Various server products from vendors including Dell, HPE, Lenovo, AMD, and NEC—which ran Windows Server 2016, 2019, and 2022 versions—received Secured-core approval. Secured-core was not designed to be included as branding on the PCs, but only to certify security for non-Microsoft hardware running Windows. Microsoft has listed devices, including edge and non-edge machines, that are part of the program in its Azure Certified Device catalog. Related content news Zscaler shuts down exposed system after rumors of a cyberattack Initially dismissing rumors, Zscaler now says it did have a system exposed but nothing important has been accessed. By Shweta Sharma May 09, 2024 3 mins Data Breach Cyberattacks news Palo Alto launches AI-powered solutions to fight AI-generated cyberthreats The suite is powered by Palo Alto’s proprietary solution, Precision AI, which integrates machine learning, deep learning, and generative AI technologies. By Prasanth Aby Thomas May 09, 2024 3 mins Generative AI Security Software news F5 patches BIG-IP Next Central Manager flaws that could lead to device takeover Two high-risk vulnerabilities could allow attackers to gain full administrative control on devices via leaked password hashes. By Lucian Constantin May 08, 2024 5 mins Threat and Vulnerability Management Cloud Security Vulnerabilities news Suspected Chinese hack of Britain’s Ministry of Defence linked to contractor, minister confirms The UK’s defence minister would not confirm that the attack was conducted by an element of the Chinese state, rather blaming the “potential failings” of a partner. By John Dunn May 08, 2024 4 mins Aerospace and Defense Industry Data Breach Government PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe