Azure Sphere

  • Author: Ronald Fung

  • Creation Date: 30 May 2023

  • Next Modified Date: 30 May 2024


A. Introduction

Azure Sphere is a secured, high-level application platform with built-in communication and security features for internet-connected devices. It comprises a secured, connected, crossover microcontroller unit (MCU), a custom high-level Linux-based operating system (OS), and a cloud-based security service that provides continuous, renewable security.

The Azure Sphere MCU integrates real-time processing capabilities with the ability to run a high-level operating system. An Azure Sphere MCU, along with its operating system and application platform, enables the creation of secured, internet-connected devices that can be updated, controlled, monitored, and maintained remotely. A connected device that includes an Azure Sphere MCU, either alongside or in place of an existing MCU, provides enhanced security, productivity, and opportunity. For example:

  • A secured application environment, authenticated connections, and opt-in use of peripherals minimize security risks due to spoofing, rogue software, or denial-of-service attacks, among others.

  • Software updates can be automatically deployed from the cloud to any connected device to fix problems, provide new functionality, or counter emerging methods of attack, thus enhancing the productivity of support personnel.

  • Product usage data can be reported to the cloud over a secured connection to help in diagnosing problems and designing new products, thus increasing the opportunity for product service, positive customer interactions, and future development.
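The opt-in peripheral model in the first bullet above is expressed per application in an app_manifest.json capability manifest: a peripheral, network destination or storage area that the manifest does not list is unavailable to the application at runtime, which is the least-privilege property that limits what a compromised application could reach. The manifest below is an added illustration, not code from this page or from Microsoft; the application name, component ID, GPIO numbers, hostname and tenant ID are constructed placeholders (JSON admits no comments, so the fields are explained after the block).

```json
{
  "SchemaVersion": 1,
  "Name": "SensorTelemetry",
  "ComponentId": "00000000-0000-0000-0000-000000000000",
  "EntryPoint": "/bin/app",
  "CmdArgs": [],
  "Capabilities": {
    "Gpio": [ 8, 9 ],
    "AllowedConnections": [ "telemetry.example.com" ],
    "MutableStorage": { "SizeKB": 8 },
    "DeviceAuthentication": "00000000-0000-0000-0000-000000000000"
  },
  "ApplicationType": "Default"
}
```

Each entry under Capabilities is a grant: Gpio lists the only pins the application may open, AllowedConnections the only hostnames it may contact, MutableStorage the only persistent storage it may write, and DeviceAuthentication (the Azure Sphere tenant ID) permits use of the device certificate for authenticated connections. Anything absent is denied by the OS, so reviewing this file during a deployment review is a direct check of the "opt-in use of peripherals" claim for a given application.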

The Azure Sphere Security Service is an integral aspect of Azure Sphere. Using this service, Azure Sphere MCUs safely and securely connect to the cloud and web. The service ensures that the device boots only with an authorized version of genuine, approved software. In addition, it provides a secured channel through which Microsoft can automatically download and install OS updates to deployed devices in the field to mitigate security problems. Neither manufacturer nor end-user intervention is required, thus closing a common security hole.


B. How is it used at Seagen

For Seagen, a biopharma research company that uses Microsoft Azure, Azure Sphere can help make its IoT devices more secure and easier to manage. Here are some ways that Seagen can use Azure Sphere:

  1. Secure IoT devices: Azure Sphere can be used to secure IoT devices by providing a secure hardware platform, secure operating system, and cloud-based security service. This can help to protect your IoT devices from cyber threats and ensure that they are working as intended.

  2. Manage IoT devices: Azure Sphere can be used to manage IoT devices by providing a cloud-based management service that allows you to monitor and manage your devices from a single location. This can help to reduce the time and effort required to manage your IoT devices and ensure that they are working as intended.

  3. Simplify IoT development: Azure Sphere can be used to simplify IoT development by providing a comprehensive development platform that includes hardware, software, and cloud-based services. This can help to reduce the time and effort required to develop and deploy IoT solutions.

  4. Increase IoT device lifespan: Azure Sphere can be used to increase the lifespan of your IoT devices by providing security updates and patches throughout the lifecycle of your devices. This can help to ensure that your devices remain secure and functional for longer.

  5. Enable new IoT scenarios: Azure Sphere can be used to enable new IoT scenarios by providing a secure and scalable platform for IoT solutions. This can help Seagen to develop and deploy new IoT solutions that improve the efficiency and effectiveness of its research operations.

Overall, Azure Sphere can be a valuable tool for Seagen to secure and manage its IoT devices, simplify IoT development, increase IoT device lifespan, and enable new IoT scenarios. By using Azure Sphere to secure and manage its IoT devices, Seagen can ensure that its critical research data is protected from cyber threats and that its IoT devices are working as intended.


C. Features

Azure Sphere is a comprehensive solution for securing IoT devices that includes a secure hardware platform, secure operating system, and cloud-based security service. Here are some of the key features of Azure Sphere:

  1. Secure hardware: Azure Sphere includes a secure microcontroller unit (MCU) that is designed to provide hardware-level security for IoT devices. This secure MCU is designed to protect against hardware-level attacks and is integrated with other components of Azure Sphere to provide comprehensive security for IoT devices.

  2. Secure operating system: Azure Sphere includes a secure operating system (OS) that is designed to provide a secure environment for IoT devices. The OS is based on a custom version of Linux that is optimized for IoT devices and includes security features such as hardware-based root of trust, defense in depth, and automatic updates.

  3. Cloud-based security service: Azure Sphere includes a cloud-based security service that is designed to provide ongoing security for IoT devices. This service includes features such as certificate-based authentication, device-to-cloud encryption, and over-the-air (OTA) updates.

  4. Integrated development environment: Azure Sphere includes an integrated development environment (IDE) that is designed to simplify IoT development. The IDE includes tools for creating, testing, and deploying IoT solutions, as well as support for popular programming languages such as C and C++.

  5. Secure connectivity: Azure Sphere supports connectivity over Wi-Fi and Ethernet, as well as cellular connectivity, and secures the connections made over those links. This helps to ensure that IoT devices are securely connected to the cloud and are protected from cyber threats.

  6. Scalability: Azure Sphere is designed to be scalable, making it suitable for IoT solutions of all sizes. This scalability is achieved through the use of cloud-based services that can be easily scaled up or down as needed to meet the needs of your business.

Overall, Azure Sphere is a comprehensive solution for securing IoT devices that includes a secure hardware platform, secure operating system, and cloud-based security service. Its integrated development environment, secure connectivity, and scalability make it an ideal solution for businesses looking to develop and deploy secure and scalable IoT solutions.


D. Where Implemented

LeanIX


E. How it is tested

Testing Azure Sphere involves verifying that your IoT devices are secure and working as intended. Here are some steps you can take to test Azure Sphere:

  1. Verify hardware security: Verify that the secure microcontroller unit (MCU) is functioning as intended by testing its hardware security features, such as the hardware-based root of trust and secure boot process.

  2. Test software security: Test the secure operating system (OS) by attempting to exploit known vulnerabilities and verifying that they are successfully mitigated by the OS security features.

  3. Test cloud-based security: Test the cloud-based security service by attempting to exploit known vulnerabilities in the service and verifying that they are successfully mitigated by the service security features.

  4. Test OTA updates: Test the OTA update feature by attempting to update a device’s firmware over the air and verifying that the update is successful and does not compromise the security of the device.

  5. Test device-to-cloud encryption: Test the device-to-cloud encryption feature by attempting to intercept and decrypt data transmitted from a device to the cloud and verifying that it is successfully encrypted.

  6. Review documentation: Review the Azure Sphere documentation to ensure that your IoT devices are properly configured and that you are using the most recent version of Azure Sphere.

Overall, testing Azure Sphere involves verifying that your IoT devices are secure and working as intended. By verifying hardware security, testing software security, testing cloud-based security, testing OTA updates, testing device-to-cloud encryption, and reviewing documentation, you can ensure that Azure Sphere is effectively securing your IoT devices and that your IoT solutions are working as intended.


F. 2023 Roadmap

????


G. 2024 Roadmap

????


H. Known Issues

Azure Sphere is a relatively new solution for securing IoT devices, and as with any new technology, there may be some known issues that users should be aware of. Here are some of the known issues for Azure Sphere:

  1. Limited hardware support: Azure Sphere is currently only supported on a limited number of hardware platforms. This can limit the ability of businesses to use Azure Sphere to secure their IoT devices.

  2. Limited software support: Azure Sphere is based on a custom version of Linux, which may limit the ability of businesses to use popular software and programming languages that are not supported by the Azure Sphere OS.

  3. Limited cloud support: Azure Sphere is designed to work with Microsoft Azure, which may limit the ability of businesses to use other cloud providers or services.

  4. Limited development tools: Azure Sphere includes a limited set of development tools, which may limit the ability of businesses to customize or extend Azure Sphere to meet their specific needs.

  5. Potential performance issues: Azure Sphere includes a secure operating system and cloud-based security service, which may impact the performance of IoT devices. This can be particularly problematic for IoT devices with limited processing power or memory.

  6. Security concerns: As with any cloud-based service, there may be security concerns related to Azure Sphere. Businesses must take appropriate measures to protect sensitive data and ensure that their IoT devices are properly secured.

Overall, while Azure Sphere is a promising solution for securing IoT devices, users must be aware of these known issues and take steps to mitigate their impact. This may include carefully selecting hardware platforms and software that are compatible with Azure Sphere, carefully configuring the service to meet the specific needs of their business, providing training and support to users to effectively use and manage Azure Sphere, and carefully integrating Azure Sphere with other Azure services and third-party services to minimize the risk of compatibility issues.


[x] Reviewed by Enterprise Architecture

[x] Reviewed by Application Development

[x] Reviewed by Data Architecture