IoT Product Lifecycle Part 1

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

8 hours 10 minutes
Video Transcription
Hi, I'm Matthew Clark and this is less of 1.3 I o t product lifecycle Part one.
In this lesson, we'll look at I o t product lifecycle. We're gonna learn about Ohms and discuss different types of Ohms.
We're gonna investigate on Alexa enabled product, and we're going to discuss contract manufacturers, their purposes, their advantages and their disadvantages.
Lastly, we will introduce the concept of supply chain security. So let's get started.
Let's start our discussion by defining the acronym OH am
O. E. M stands for Original Equipment manufacturer, which is the organization that designs I ot sensors, actuators or devices.
Generally, an OM sells an I O T. Device under their own brand.
Or they could produce a product like a sensor or actuator, which is used internally by another I ot device maker.
Ultimately, the OM is responsible for the security of the device. The manufacturer.
If you use a really broad definition, you might say that there are at least three types of OEM's.
First, we have a pure i o T company, meaning I o. T. Is what they do. It's what they've always done. Fitbit ring or good examples.
A second type of odium might be a technology company that thinks, Hey, we already have software engineers. How hard could it be to make something in the physical world?
Well, just asked Microsoft about Windows Mobile Zoom or Microsoft Portrait
about how hard it really is to do that.
A possible third type of i o T O E M. Might be a traditional old school manufacturer that's retrofitting existing products with quote smart technology,
for example. A slow cooker now comes with an app that you can remotely turn on.
I even saw a commercial for an Alexa enabled faucet installed in the kitchen sink.
How in the world are you going to use that thing?
Because you're generally at the sink when you need to use it. And for me, at least, it's harder to talk to Alexa than it is to move the faucet lever or touch the stem to turn it on. If you have one of those fancy sinks,
I think the commercial shows that the OM is still struggling with how to use this thing.
The commercial has a dog placing his empty water bowl in the sink, and because the thoughtless owner had forgotten to enable Alexa skill for translating dog barking sounds, the owner still had to tell Alexa to cut the water on.
The obvious question is, how is the dog going to get us full water bowl out of the sink,
which is a different lesson. Just because you could do something doesn't mean you should. And we're going to talk about a scary toothbrush later on where this lesson is learned very quickly.
Leave Brother Stone has a hilarious video on the concept of traditional manufacturers. Getting into the I. O T space have included a link to it in The resource Is for your enjoyment.
A contract manufacturer handles the manufacturing process for No AM Under the O. E M brand
contract manufacturers can handle the Assembly of subparts and Final, manufacturer of the end product.
There are advantages and disadvantages to using a contract manufacturer.
The advantages include that there are enormously valuable, smaller companies that do not have the capital to stand up manufacturing facilities of their own, so it helps them save cost.
They do provide scalability, and the contract manufacturers can ramp production up or down, leaving the OM free from labor and equipment issues,
and it does provide flexibility as well. You could run production when it makes sense to run production.
Contract manufacturers are also valuable to existing manufacturers because they do not have to retool their factories for a new product.
Sometimes the contract manufacturer will work alongside the AM to develop a new product. In ACT is a trusted partner.
They can provide technical insight based on their experiences, working with other OEM's building, similar I ot devices
and sometimes there simply just providing a service
many times it is just about the money.
Contract manufacturers can help reduce cost. But like I said, there are disadvantages.
Using a contract manufacturer is not a panacea. It's not a perfect solution. And not all the problems will go away if if you use one.
And sometimes it's hard to make small or limited runs or blessing 1000 units, which could be difficult if you're in the beginning stages of product development and we'll talk more about that in a later lesson.
It's not always about the money. Contract manufacturers may save money, but it may be difficult to find high quality.
Whenever you use an outside partner, you do give up some measure of control. For example, you could lose knowledge of the manufacturing process. So if you needed to bring this in house or change your outsourced manufacturer, that lack of documentation may prove costly.
Another issue is how do you find the root cause of production problems? If the facility is offshore,
how sourcing doesn't automatically decrease risk either You might actually end up increasing risk. Overall,
this is your intellectual property in the hands of someone else.
This is your branding your reputation.
Speaking of all, shore communication may be difficult.
This and this just isn't a language barrier. In fact, language may not be an issue at all. You may find that time zones are a bigger issue and lead to significant communication issues, especially if there's a 12 hour difference between the O. E. M. And the supplier.
Speaking of suppliers, let's talk about supply chains.
It's important that we understand the overall supply chain involved in bringing an I T. Device market.
If we're going to understand i o. T security, we have to understand the devices roots, and that means understanding the supply chain
supply chain includes everything involved in bringing the device to market,
which includes hardware such as the silicon vendors and memory and solid state drive vendors, as well as the PCB board manufacturer. And PCB is an acronym for printed circuit board as the greenish board that holds the resistors, capacitors and microcontrollers that make the device work.
It also includes the software,
which could be the board's support packages and software development kids, as well as contract application developers, which of the people who are writing the code in many cases.
It can also include open source code, which is often overlooked,
which could have security implications depending on when it was last updated. If it was updated.
It also includes cloud service providers, which provide identity services, perhaps using a cloudhsm.
Or they could provide application back in services like databases, cloud storage servers and so forth.
Integration points with third party A P I also need to be included, such as Amazon, Alexa with Echo or Google Home with Nest.
In this lesson, we discussed the I O T product life cycle,
including learning about the role of a no am
We talked about Alexa enabled faucet and determined. I ot just might be going to the dogs and we discuss contract manufacturers. We learned about their role and we discussed the advantages and disadvantages of using them.
Lastly, we introduced the concept of supply chain security and attempted to demonstrate how third parties can affect overall device security. I'll see you next time.
Up Next
IoT Product Security

This course will focus on the fundamentals of how to set up a functioning IoT product security program from the perspective of a company that designs, manufactures, and sells IoT and IIoT devices for consumer or industrial use.

Instructed By