The Embedded Security Paradox
By Bill Graham
For embedded systems developers, there exists a paradox in that security for the device is a high priority or "must-have" capability but it’s at odds with market and business requirements for their device as this often lengthens development time. Not only that, the nature of embedded systems is changing to a highly networked interconnected environment that increases the demand for security while further complicating it. Let's look at this in a bit more depth:
Embedded developers are more aware of security requirements for their devices. However, they need to balance the design and implementation of security in the device with its functionality, performance, and intended market. Furthermore, securing a device must not cause its delivery to be well beyond the forecast schedule or cost. Although security is an important feature for a device, it is not necessarily a differentiating feature, yet expected capability. Customers expect security but won't pay more for it nor choose your product over another because of it (in the long term). A delicate balance is required to make sure a device is as secure as it can be given these competing factors.