Imagine if a hacker found a way to break into your gas stove's system and turn the gas on for a long time before activating the igniter. The result could be catastrophic.
"Fundamentally, the difference between a gas stove and a bomb is a matter of programming," Galen Hunt, a longtime Microsoft researcher and engineer, told CRN.
For Microsoft, this is the kind of potential security risk faced by the billions of devices and appliances that run on microcontrollers and are expected to connect to the internet in the next two years. And it's one of the major reasons why the Redmond, Wash.-based company developed Azure Sphere, which Microsoft calls a "first-of-its-kind" Internet of Things solution for securing microcontroller unit (MCU) devices.
"The reason why this is so important is, when you look at the 20 billion devices that are going to be connected in 2020, approximately 15 billion of those are in the small microprocessor class, so it's very much an urgent area that needs innovation," said Sam George, director of Azure IoT at Microsoft.
Azure Sphere, which Microsoft unveiled at RSA Conference 2018 this week, tackles IoT security in three ways: a new crossover class of MCU chips that are built in with Microsoft security technology and connectivity, a Linux-based operating system that comes with secured application containers and a security monitor, and cloud-based security service that provides certificate-based authentication and visibility into emerging threats. Microsoft's use of Linux for the operating system is a first.
Microsoft partners told CRN that they are thrilled to see the approach the company is taking with Azure Sphere.
Chicago-based 10th Magnitude has been working with Microsoft’s IoT suite since its inception, and "we’ve experienced the need for Azure Sphere firsthand," said 10th Magnitude cloud solution architect Glenn Mate in an email to CRN.
The firm has "constructed a number of bolt-on solutions for customers including our own IoT Field Gateway," Mate said. "Having this functionality native within the Azure toolset is exactly what solution providers and customers have been asking for, and we believe that this will accelerate Azure IoT suite adoption."
In general, 10th Magnitude has found that the key to customer success is to stay "as close to Azure native as possible," and Azure Sphere "aligns with that strategy," he said.
"This trend of Microsoft filling edge gaps with their own hardware innovation like Azure Data Box and now Azure Sphere is quite exciting for solution providers that have attached themselves to the explosive growth of Microsoft Azure," Mate said. "The pace at which Microsoft is giving solution providers tools to create customer value and monetize that value is staggering."
Hunt, who founded and leads the Azure Sphere program, described Azure Sphere as an end-to-end solution geared at device manufacturers that are making MCU-class devices and lack the means to build their own security solutions. The company's initial manufacturing partner is MediaTek, which will release the first Azure Sphere chip later this year.
By connecting MCU devices to the internet, George said it provides companies a "digital feedback loop" so that they can monitor the health of their devices and provide predictive maintenance.
"It helps them have a better customer relationship," he said.
While Microsoft has done a "stellar" job so far in its efforts around security in its Microsoft 365 suite of offerings, securing connected smart devices is a wise next move given that such devices "will be even more pervasive" than PCs, said Ric Opal, vice president at Oak Brook, Ill.-based SWC Technology Partners.
Up until now, connected smart devices have been "widely insecure," Opal said. "As great as Microsoft has done on the device identity side, now I think we have to applaud them for their focus on what I consider to be a much more extensive area that needs to be secure, and needs to be compliant. Because it's going to be pervasive."
To serve customers that are in the midst of digital transformation efforts, partners can "build security and compliance services around IoT" with the help of solutions such as Azure Sphere, Opal said.
"So I think it becomes a big monetization play for somebody who's savvy enough to build out a secure and compliant IoT managed service," he said. "There are millions more devices on the IoT side, and nobody is doing compliance and management there, so it's got to be a massive opportunity."
Reed Wiedower, CTO of Washington, D.C.-based New Signature, told CRN in an email that he believes Azure Sphere is poised to be "transformational."
That's particularly the case for partners that have a security practice such as New Signature, he said. Keeping the proliferation of connected smart devices patched and managed could add up to a "security nightmare" for many organizations, Wiedower said.
"With Azure Sphere, OEMs can be confident the devices they built remain secure years after they are deployed – and partners can expound upon the value of the Microsoft ecosystem," he said.
Microsoft's plan to launch a custom Linux kernel as part of the Azure Sphere OS offers a strong value proposition for partners as well, Wiedower added.
"It further reinforces that Microsoft has a team of top developers, regardless of the operating system," he said. "From Midori to Linux, Microsoft has always been willing to go outside the Windows world when it makes sense. The old days of Microsoft saying 'my way or the highway' are over – which is good news for all partners."
Microsoft is expecting Azure Sphere to present a wide range of ecosystem opportunities.
"What we see is that very often, it's our partners, whether ISVs or system integrators, that are helping put together and operate these connected product experiences for these companies," George said, "so there's a large partnership opportunity as there always is with Microsoft."
Avnet was named as Microsoft's first distributor for Azure Sphere, which Lou Lutostanski, Avnet's vice president of IoT, called a "groundbreaking security announcement."
"I think this will go a long way to accelerate the proliferation of IoT devices," he told CRN.