Why outsourcing the development of security architecture is risky
As I mentioned in my last post, the rise of embedded operating systems that run on inexpensive hardware and use the universal TCP/IP communications protocol has expanded our view of what a computer is. Beyond obvious computer kin like smartphones and tablets, we now connect media streamers, thermostats, vacuum cleaners, and multifunction printers (MFPs) to the network, creating an ever-growing “Internet of things.”
Lexmark smart MFPs are part of this revolution, with their ability to run applications, capture and share data on a network, be centrally managed, receive software updates and communicate with remote users and devices. Because they’re connected to the same universe of digital good and evil that all intelligent devices live in, security has to be designed in from the caster base up.
In the minds of consumers, the company that brands a product is the manufacturer, so few would even think about where, say, Target’s store-brand paper towels are made. Hint: It’s not in a factory that Target owns or operates. More likely, they’re made in the same factory that cranks out the “national brand,” as well, even if the two products differ in packaging or specifications.
Similarly, technology products branded under one name are often the result of engineering paid for or licensed from outside companies, unknown to consumers, brought to market under a trusted brand.
For some products, the quality of licensed components or third-party product development is first-rate, and gives a manufacturer greater flexibility and agility putting a finished product on the shelf. When it comes to developing the security architecture of tech hardware and software, however, such outsourcing is risky.
First, it could force a manufacturer to share proprietary information about their products outside their organization. It could expose customers to security vulnerabilities in externally secured products or components. And, because it is an architecture that is shared among – you might even say woven into – a wide range line of products, it can’t exactly be tacked on. It needs to be strategically planned and owned for the long term by the manufacturer who has so much riding on the security of its customers’ data and its own reputation in the market.
Next time, we’ll examine how Lexmark goes about creating this security-centric operating systems that run its smart MFPs and printers.