One factor that complicates the creation of secure IoT devices, especially for global
markets, is the different regulatory environments that govern them. Fumagalli notes
that legislation in this sector varies widely between nations. Some require certain
data protections, while others limit the strength of encryption you are allowed to
use. "Some legal regulations can limit the security," he explains, "such as the limit
on encrypting data. Unfortunately, in that case you are not allowed to exceed the
limit, which may force you to use security that is below the threshold the designer
established. You may need to use some tricks to improve the situation. In these
cases, it is better not to settle for a lower level of security."
Fumagalli emphasizes the importance of contacting professionals who can clarify
the details of legal requirements and the regulatory limits so that you are in the
best position possible to understand those regulations. He also suggests engaging
with a designer from outside the office who has experience with those regulatory
challenges. Although that person cannot design your product for you, his or her point
of view may help you find the right path.
In designing a secure IoT device, the ultimate goal is to build in the best security
possible without exceeding the product budget.
14
" Using the currently
available version
of the software is
important, which
means staying in
touch with chip
and operating
system builders."
