The IoT market

Simon Segars expects Arm's partners to ship 50 billion chips in the next two years.

Above: Simon Segars expects Arm’s partners to ship 50 billion chips in the next two years.

Image Credit: Dean Takahashi

Question: You talked about how the new area of expansion for you is this emerging market in IoT. How is that business going?

Segars: It’s something we saw a long time ago, pre-acquisition. Thinking about IoT, what the challenges are in bringing IoT devices onto the network. We’ve spent the last three years since acquisition accelerating our work in that area. Last year we did a couple of acquisitions to complete a platform approach that we’re taking to market.

We’re looking at, in a sophisticated IoT device — it’s going to be running some software workload. You need to worry about keeping that up to date. Security threats come up all the time. All of these computers have security updates pushed to them every other day, it seems at the moment. There’s a future where everything that is connected to the network is going to have to be managed in a similar way. Part of the infrastructure we’ve been building is to enable that.

Our IP down to the chip needs to allow for secure code to be installed on the chip, to allow for over-the-air software updates, even in a microcontroller. An operating system that can run on top provides those features through our API, and then you plan a service that can run on it. That’s part of the platform as well.

Those devices are connected, obviously. Increasingly they’ll be connected over a cellular network. That connection needs managing. One of the acquisitions we did last year was for a company that has built a platform that enables cellular-connected devices like phones to be managed over the mobile network. When you have that connected, you have this data coming from it. You need to ingest that and organize it so you can build a specific application that’s going to enable you to get something out of the data coming in from this physical thing.

We’re putting all of that together. The acquisitions we did last year went well. They’ve grown very nicely in the last four months. We’re engaging with people who want to build sophisticated IoT solutions, who really care about security, who really care about understanding that what they’re talking to is the genuine device, and not some counterfeit thing that’s spamming the network. The delivery of that, the rollout of those solutions, takes some time.

We’re pleased with the progress. We’re finding customers that really care about the future, that we think are going to be important, that are going to be found in everything. We’re working closely with them.

A bigger focus on security

Security is increasingly important to the Arm ecosystem.

Above: Security is increasingly important to the Arm ecosystem.

Image Credit: Dean Takahashi

Question: There’s been an increased focus on security. What is driving that? What do you see as the drivers?

Segars: In a world of billions of connected things, the level of security threat that introduces is something that we just don’t seem to talk about. There aren’t many of these things, really, in the world, relative to what we anticipated with IoT. These are all managed devices. People are now building, very quickly, IoT-like things that have no security in them at all.

As we saw the other day, when I was talking about — the security cameras at Amazon, someone had done something with them, taken them all apart and realized that they’re all horrific from a security point of view. As a consumer, how do you know? And the answer is you don’t. He was going to fix it. In something that isn’t a managed device, you can’t do that. Too bad.

Our view has been that if that situation continues, and people start deploying insecure IoT devices, then bad security incidents will happen. People will lose faith in IoT. That will be a limiter to the growth of the market. We want to try to build a world where IoT has great security, and the industry that provides it — which is a combination of us as an IP company, chip companies, software companies, service providers — collectively takes responsibility to provide good service.

That’s why we’ve been making a big deal out of this. We do think it starts down on the device. We want to help build secure devices. But it does require a lot of cooperation across the industry to make all this in a way that people can trust it.

Question: If your software is not secure, though, it doesn’t matter whether the device isn’t secure, right?

Segars: Increasingly, as systems get more sophisticated, it is the interaction of hardware and software that can lead to security vulnerabilities. You take Spectre and Meltdown. That was a class of security attack that nobody had thought of before. I sat down with our chief architect and explained it to him. Who in their right mind thought of that? But somebody did.

Some things like Spectre and Meltdown can be fixed relatively easily without a hardware change. But other things are actually about the interaction of the hardware and the software. You cannot look at each component in isolation. You have to think about the system and the interaction of the different components of the system. That’s why collaboration is required across all the companies in the supply chain.