Introducing Microsoft Azure Sphere: Secure and power the intelligent edge
By Galen Hunt, Distinguished Engineer and Managing Director, Microsoft Azure Sphere
In the next decade, nearly every consumer gadget, every household appliance, and every industrial device will be connected to the Internet. These connected devices will also become more intelligent with the ability to predict, talk, listen, and more. The companies that manufacture these devices will have an opportunity to reimagine everything, fundamentally transform their businesses with new product offerings and new customer experiences, and differentiate themselves against the competition with new business models.
All these everyday devices have in common a tiny chip, often smaller than the size of your thumbnail, called a microcontroller (MCU). The MCU functions as the brain of the device, hosting the compute, storage, memory, and an operating system right on the device. Over 9 billion of these MCU-powered devices are built and deployed every year. For perspective, that’s more devices shipping every single year than the world’s entire human population. While few of these devices are connected to the Internet today, within just a few years, this entire industry, all 9 billion or more devices per year, is on path to include connected MCUs.
Internet connectivity is a two-way street. With these devices becoming a gateway to our homes, workplaces, and sensitive data, they also become targets for attacks. Look around a typical household and consider what could happen when even the most mundane devices are compromised: a weaponized stove, baby monitors that spy, the contents of your refrigerator being held for ransom. We also need to consider that when a device becomes compromised, it’s not just a problem for the owner, it can also become a problem for society. A device can disrupt and do damage on a larger scale. This is what happened with the 2016 Mirai botnet attack where roughly 100,000 compromised IoT devices were repurposed by hackers into a botnet that effectively knocked the U.S. East Coast off the Internet for a day. It’s of paramount importance that we proactively address this emerging threat landscape with solutions that can keep pace as connected MCUs ship in billions of new devices every year.
Here, you can read more about how in 2015 a small team of us within Microsoft Research began exploring how to secure this vast number of MCU-powered devices yet to come online. Leveraging years of security experience at Microsoft, and learnings from across the tech industry, we identified The Seven Properties of Highly-Secure Devices. We identified the need for a hardware root of trust to protect and defend the software on a device. We identified the need for multiple layers of defense-in-depth, both in hardware and in software, to repel hackers even if they fully breach one layer of security. We identified the critical need for hardware, software, and cloud to work together to secure a device. Over time the Seven Properties gained traction and became the foundation for a movement within Microsoft – which ultimately brings us to today.
Securing the billions of MCU-powered devices
Today at RSA 2018, we announced the preview of Microsoft Azure Sphere, a new solution for creating highly-secured, Internet-connected microcontroller (MCU) devices. Azure Sphere includes three components that work together to protect and power devices at the intelligent edge.
- Azure Sphere certified microcontrollers (MCUs): A new cross-over class of MCUs that combines both real-time and application processors with built-in Microsoft security technology and connectivity. Each chip includes custom silicon security technology from Microsoft, inspired by 15 years of experience and learnings from Xbox, to secure this new class of MCUs and the devices they power.
- Azure Sphere OS: This OS is purpose-built to offer unequalled security and agility. Unlike the RTOSes common to MCUs today, our defense-in-depth IoT OS offers multiple layers of security. It combines security innovations pioneered in Windows, a security monitor, and a custom Linux kernel to create a highly-secured software environment and a trustworthy platform for new IoT experiences.
- Azure Sphere Security Service: A turnkey cloud service that guards every Azure Sphere device: brokering trust for device-to-device and device-to-cloud communication through certificate-based authentication, detecting emerging security threats across the entire Azure Sphere ecosystem through online failure reporting, and renewing security through software updates. It brings the rigor and scale Microsoft has built over decades protecting our own devices and data in the cloud to MCU-powered devices.
These capabilities come together to enable Azure Sphere to meet all 7 properties of a highly secured device – making it a first of its kind solution.
What device manufacturers are saying
“Sub-Zero and Wolf have had a legacy of innovation in food preservation and preparation for over 70 years and we see significant opportunity in the connected devices market to create new and unique customer experiences. As our homes become more connected, we place significant value on the security of connected devices, so we can focus on continuing to deliver an exceptional customer experience. Microsoft’s approach with Azure Sphere is unique in that it addresses security holistically at every layer.”
– Brian Jones, Director of Product Strategy and Marketing, Sub-Zero
“Glen Dimplex is a leader in development of intelligent heating, renewable energy solutions and domestic appliances. We recognize that addressing security at every layer of connected devices is critical to shipping connected devices with confidence. The work Microsoft is doing with Azure Sphere uniquely addresses the security challenges of the connected microcontrollers shipping in billions of devices every year. We look forward to integrating Azure Sphere into our product lines later this year.”
– Neil Naughton, Deputy Chairman, Glen Dimplex
We’ve been sharing our plans for Azure Sphere with device manufacturers across multiple verticals including whitegoods, agriculture, energy, and infrastructure and their enthusiasm has been consistently centered around three core benefits:
Our device manufacturing partners consider security a pre-requisite for creating connected experiences, and they know that single line-of-defense and second-best solutions are not enough. Azure Sphere provides security that starts in the hardware and extends to the cloud, delivering holistic security that protects, detects, and responds to threats – so they’re always prepared. And they love the fact that our solution is turnkey, eliminating the need to invest in additional infrastructure and staff to secure these devices.
As device manufacturers look to transform their products, they are also looking for ways to lower overhead and increase team efficiency. Azure Sphere’s software delivery model and Visual Studio development tools deliver productivity and dramatically optimize the process of developing and maintaining apps on their devices. This means our device manufacturing partners can bring products to market faster and they can focus their efforts on creating their unique value.
The real magic begins when device manufacturers start imagining the possibilities that open with Azure Sphere. The built-in connectivity and additional headroom included in Azure Sphere certified MCUs changes everything. Our device manufacturing partners are re-thinking business models, product experiences, the way they service customers, and the way they predict the needs of their customers. It’s been incredible to watch them design next generation experiences with Azure Sphere.
Our silicon ecosystem
Having the right set of silicon partners has been an important part of our journey in bringing Azure Sphere to market. We’ve been working directly with leaders in the MCU space to build a broad ecosystem of silicon partners who will be combining our silicon security technologies with their unique capabilities to deliver Azure Sphere certified chips. With our silicon partners, we’ve created a revolutionary new generation of MCUs. These chips have network connectivity, unequalled security, and advanced processing power to enable new customer experiences. Each Azure Sphere chip will include our Microsoft Pluton security subsystem, run the Azure Sphere OS, and connect to the Azure Sphere Security Service for simple and secure updates, failure reporting, and authentication.
The first Azure Sphere chip, the MediaTek MT3620, will come to market in volume this year. Over time we will see other silicon partners introducing their own Azure Sphere chips to the market. To ensure our ecosystem of partners expands rapidly, we’re licensing our silicon security technologies to them royalty-free. This enables any silicon manufacturer to build Azure Sphere chips while keeping costs down and prices affordable to device manufacturers.
We can’t wait to see what you build with Azure Sphere
Today, Azure Sphere is in private preview. We’re working closely with select device manufacturers to build future products powered by Azure Sphere. We expect the first wave of Azure Sphere devices to be on shelves by the end of 2018. Dev kits will be universally available in mid-2018. We fully expect to be surprised by the innovative ideas that you invent for the world and for your customers. We can’t wait to see what you will build!
For more details, please visit the Azure Sphere website.
Learn more about the origins of Azure Sphere and the team that built it on the Microsoft Research blog.