Microsoft Reveals Secure End-to-End IoT Solution from Edge to Cloud
Microsoft president Brad Smith Monday revealed an ambitious plan to offer “an end-to-end IoT solution” that the company claims will provide complete security from the edge to the cloud.
Azure Sphere will consist of embedded processors for the edge based on a new secure OS from Microsoft, embedded hardware and solutions from an emerging ecosystem of partners, and cloud-security services.
Smith introduced Azure Sphere at a news conference held during the first day of the annual RSA Conference, taking place this week in San Francisco. Azure Sphere promises to give partners a new and lower-cost means of creating a new generation of solutions that use smart and connected endpoints with improved threat protection, management and overall security.
The development of Azure Sphere is the culmination of a high-priority research effort kicked off in 2015 by Microsoft Research, which Smith described as among the most unique initiatives undertaken by Microsoft in its 43-year history.
Smith, who is also the company’s chief legal officer and the public face of the company’s security and privacy stance, isn’t typically the front-man for technology launches, nor is he known for hyperbole, making his characterization of Azure Sphere notable. “It goes where no company has gone before,” said Smith.
Indeed, the new edge OS for Azure Sphere consists of a custom Linux kernel distribution, a move that appears to shed more light on last month’s major reorganization that broke up the Windows and Devices group into the new Cloud + AI Platform, led by Scott Guthrie, and Devices and Experiences run by Rajesh Jha, culminating with the departure of Windows chief Terry Myerson. A week later, Microsoft announced its plan to invest $5 billion in IoT technology, centered around bringing more intelligence and security to the edge.
Azure Sphere aims to address that with three components:
- Azure Sphere Microcontroller Units (MCUs): New microprocessors the size of a fingernail will incorporate real-time processing with Microsoft’s security communications subsystem, called “Pluton.”
- Azure Sphere OS: This new Linux kernel will provide a defense-in-depth OS with multiple layers of security, which Microsoft claims is not available in current real-time operating systems (RTOSes), using security technology it has offered in Windows and a “highly-secured” platform for IoT.
- Azure Sphere Security Service: A complete service that monitors each Azure Sphere device, using certificate-based authentication to provide trusted communications among devices and cloud services, and that provides threat detection, failure reports and support for device patching.
“Each Azure Sphere chip will include our Microsoft Pluton security subsystem, run the Azure Sphere OS, and connect to the Azure Sphere Security Service for simple and secure updates, failure reporting and authentication,” said Galen Hunt, Microsoft’s managing director for Azure Sphere, in a blog. The first Azure Sphere-certified chip will come from Taiwan-based MediaTek. The Wi-Fi connected MT3620 controller will provide connectivity from smart devices to the new Azure Sphere service and partner solutions.
“What we are delivering together will be the foundation for a new generation of secure intelligent-edge devices and solutions,” Hunt noted.
“MediaTek is a good partner to have,” said Laura DiDio, principal analyst with ITIC. “They will provide a Wi-Fi controller, the processor will run Microsoft’s Linux-based IoT OS and you’ve now got a highly secure, connected device at a decent price point.”
Other partnerships are in the works, Smith said, noting that 9 billion MCUs are expected to ship this year. One of the reasons Windows 10 IoT (and Windows Embedded before it) hasn’t gained the momentum of other Linux-based IoT embedded OSes was the overhead and cost. To offer a competitive solution, Microsoft is offering the MCUs free to chip manufacturers as it moves to jump-start its new ecosystem.
“The researchers at Microsoft Research have made advances to strengthen the power of these chips and to put that power to work to protect people’s security around the world,” Smith said.
Patrick Moorhead, principal analyst and founder of Moor Insights & Technology, said that smarter and more secure MCUs are necessary, but providing an edge-to-cloud turnkey offering is technically complex.
“End-to-end security is hard to do but is needed to do broad-scale IoT right,” Moorhead said. “To maximize the degree of success, Microsoft must show a road map into the future and show details on how this isn’t a lock-in.”
Smith claimed the system will be extensible.
“If a customer wants to continue to integrate these MCU-based devices with AWS or the Google Cloud or cloud services from IBM or Oracle or Alibaba or literally anyone else, they can do that,” he said.
Microsoft said it plans to release software developer kits for Azure Sphere, supported by its Visual Studio tools, next quarter, with volume shipments of MCUs expected to arrive later in the year.