BUILT-IN VS BOLTED-ON SECURITY

 

According to a recent white paper by the British semiconductor technology company ARM, 1 trillion Internet of Things (IoT) devices will be built between 2017 and 2035 (Marshall, 2017). Examples of IoT devices include connected appliances, smart home security devices, wearable health monitors, fitness trackers, biometric scanners, and ultra-high speed wireless internet (Thomas, 2022). Vijendra Katiyar, director-Enterprise Business in India, stated that “As the IT infrastructure evolves and becomes more complex, security needs to be built in, not bolted on later” (Nandikotkur & Ross, 2019).

Server vendors tend to fall into two different security categories. Providers tend to “bolt on” security measures after manufacturing the hardware. Partners build security into their products and processes from start to finish (CIO, 2018). Cyber-resilience and cybersecurity differ in that cyber-resilience requires built-in features at every stage of the server design and production process, whereas cybersecurity is bolted on after the product is already complete, as something of an afterthought (CIO, 2018).

Organizations often focus mostly on operating system and application security concerns and not on the hardware side of security (CIO, 2018). For a system to be as secure as possible, both software and hardware security must be applied. Bolted-on, or software, security can come in many forms, such as encryption, antivirus software, and VPNs, among others. Built-in, or hardware, security can come in the form of an immutable silicon root of trust, BIOS security, and physical security (CIO, 2018).

Although bolted-on security is often more costly, and should be planned and purchased at the manufacturing/hardware vendor level in the form of secure processors, it can also be updated later as firmware, and can even be implemented as single sign-on or other “plug-in” features, and as additional physical hardware security. I believe this is why bolted-on security is most often used; it is easier to apply afterwards, and is usually the cheaper method to help secure computer systems.

 

References

Built in or bolted on? CIO. (2018, April 24). Retrieved March 29, 2022, from https://www.cio.com/article/228796/built-in-or-bolted-on.html

Marshall, P. (2017, November 22). Why cyber security must be built in, not bolted on. Automation World. Retrieved March 29, 2022, from https://www.automationworld.com/factory/iiot/blog/13318082/why-cybersecurity-must-be-built-in-not-bolted-on

Nandikotkur, G., & Ross, R. (2019, June 11). Why security needs to be built in, not bolted on. Bank Information Security. Retrieved March 29, 2022, from https://www.bankinfosecurity.asia/security-needs-to-be-built-in-bolted-on-a-12586

Thomas, M. (2022, February 18). 27 top internet of things examples you should know. Built In. Retrieved March 29, 2022, from https://builtin.com/internet-things/iot-examples

