How long should a product’s life cycle be? Of course, that depends a lot on the product: People keep their cars for years or even decades, whereas a toothbrush usually lasts only a couple of months.
Now let’s add another dimension: How long should a connected product’s life cycle be? With more and more products being connected nowadays, getting to that answer is significantly less obvious and more complicated. Professor Ross Anderson of Cambridge University touched on the topic in his talk at 36C3 (the 36th Chaos Communication Congress), and we wanted to consider it in a little more detail.
Products without Internet access are much less likely than connected products to be hacked and turned against their owners. From an IT security standpoint, that means most products that aren’t “smart” or connected don’t need as much attention.
Connected products are different; they need to be secured during their whole life cycle. In some cases — with cars, for example — security and safety go hand in hand. Remember the hacked Jeep? That is what can happen to connected products, and it’s life-threatening.
Keeping products secure requires support and regular software updates, though. Updates must be timely, and each product will require a certain number of people. And because businesses tend to present new products more and more frequently, you could soon find yourself in need of a security team — just to keep everything running.
So, the answer seems simple: The life cycle of a connected product should be as short as possible. Take smartphones, which tend to stick around no more than three years now. Some companies stop patching their smartphones after a year or two, and some just forget about them after release. But that brings up another issue: sustainability.
Ecologically savvy customers tend to choose green products when possible, of course, but that flies in the face of the “as short as possible” approach. Every product has a carbon footprint.
Your connected products should be green; that much is clear. But what is green? Decreasing a product’s fuel or electricity consumption is not enough; in most cases, buying a new, “greener” product harms the planet more than keeping your old, not-so-green one. For example, a typical car emits less carbon dioxide over its driving life than is emitted during its production. And manufacturing a smartphone takes about 10 times the energy the phone consumes over its usable life.
Basically, that means to stay on the green side, we all need to keep our phone and car purchases to a minimum. Therefore, to help spare our planet, the product life cycle should be as long as possible.
The contradiction isn’t hard to spot: The life cycle of a connected product should be short to minimize support costs, and it should be as long as possible to protect the planet. What to do?
This seemingly intractable problem may actually have a solution. You can cut support costs not only by shortening a product’s life cycle, but also by making it more secure in the first place. We mean, secure by design. A secure product is unlikely to need regular updates to close vulnerabilities, meaning it will require less support over its life cycle.
Of course, making something secure by design is easier said than done. It requires creating products on a secure foundation — for example, employing our KasperskyOS, the micro-core-based operating system with the default deny feature, which means it allows only explicitly authorized actions, and doesn’t allow anything else. That doesn’t leave much room for vulnerabilities, because a vulnerability is usually the ability to perform actions that the device creators didn’t think of.
Secure-by-design systems such as KasperskyOS enable you to build connected products that may have a long life cycle because of their lower support costs. And longer product life cycles keep your business sustainable from the ecological standpoint. Problem solved.
To find out more about security by design and KasperskyOS, visit its dedicated Web page.