Everyone has IoT devices now, whether an Alexa device, smart thermostat or an entire smart warehouse. Are these devices protected? What easier attack vector than hacking into an endpoint and stealing sensitive data or dropping in ransomware?
Ubuntu Core 20
IoT devices are vulnerable to attacks, and many are not sufficiently secured. Canonical can help manufacturers deploy its Ubuntu Core 20 with advanced security features to protect those devices from attack.
The recent Core 20 release has two key highlights. The first is heightened endpoint security with two key new features, Secure Boot and Full Disk Encryption. The second innovation is Smart Start, a go-to-market service for enterprise or start-up OEMs that want to build and commercialize smart devices without internal expertise. Canonical offers this out-of-the-box solution with Ubuntu Core 20 because the requirements for commercial-grade security on IoT are rapidly increasing.
In the EU, the principle of cybersecurity by design and default is stipulated in the Cybersecurity Act. Many of Canonical’s customers and innovators struggle to implement some of these capabilities. Canonical wants to offer these customers and the broader IoT market Ubuntu Core 20’s advanced security capabilities out of the box. This means that developers can focus on building and deploying applications.
Two key features of Core 20 that Ubuntu’s customers in the community struggle to implement were Secure Boot and Full Disk Encryption; now it is available out of the box, anyone who wants to use it can activate it at the push of a button.
What Are the New Features?
Secure Boot guarantees and verifies the authenticity of the software installed on your devices at every boot. Why is that important? Because IoT devices are distributed and dispersed everywhere and are physically accessible. A bad actor could easily find their way into those IoT devices and alter the software on the device. Secure Boot precludes that by verifying that the boot originates from the device manufacturer. This is offered free with Ubuntu Core 20.
The second key security feature is Full Disk Encryption. This is again the same scenario as the uses for Secure Boot; devices dispersed in the field but running privacy-sensitive or business-sensitive applications with secrets stored on the device, such as private data like video or audio recordings. Camera applications or gadgets like Alexa devices fall under this category. This data needs to be protected because they are easily accessible, and the data can quickly be hijacked. Canonical’s Core 20 encrypts this data on the disc so that bad actors cannot manipulate the devices and extract sensitive data from the device.
Ubuntu Core 20 also includes a recovery system that makes it easy to back up a device configuration to recover the devices quickly. The recovery can even happen remotely.
Many enterprises are undergoing a digital transformation, and IoT is part of that digital transformation. There are a broad range of Ubuntu customers from every industry, and many see the value in IoT but don’t necessarily have the expertise. For example, a manufacturer of smart glasses doesn’t necessarily have a Linux team in house and may not want to invest the CAPEX to have one for just one smart device in its product line.
Not have the right IoT on hand was a barrier to entry for many companies interested in developing smart devices. Hence Ubuntu’s Smart Start, a new release of its expertise as-a-service, will allow companies to develop IoT capabilities, build intelligent devices, and go to market with these devices using Ubuntu’s developers.
Device manufacturers will become more aware of the need to build for updatability, extend their lifespan, and adhere to regulations – in the EU in particular. Once IoT device manufacturers realize the necessity of updatability, Ubuntu’s Smart Start may be their go-to solution.
The Ubuntu Core 20 difference
Ubuntu Core 20 is the IoT release using snap instead of apt for package management. The Ubuntu Core 20 operating system is built with security also embedded thanks to snaps. The OS is built for developer productivity because everything is containerized, modularized, composable – because of snaps.
Comparing this to other Linux’s, most are more monolithic in software architecture. With Ubuntu Core 20, there are mechanisms for software updates over the air. All of this is offered out of the box, while other Linux distribution users have to build all infrastructure and features. Ubuntu Core supports Arm, x86, and many other architectures.
Ubuntu’s Core 20 is one of its key innovations, and it is bringing a security guarantee to the IoT sphere.