#008 - Are Embedded Manufacturers Ready for IoT Security Compliance Demands with Francois Baldassari

In this episode, Jacob Beningo interviews François Baldassari, Memfault CEO, about IoT security compliance demands. They discuss embedded manufacturers' readiness for new security regulations, the challenges they face, and potential solutions.

They also explore the differences between the EU's Cyber Resilience Act and the US's Cyber Trust Mark. François emphasizes the importance of OTA updates, using open-source software, and building security teams within hardware companies. He also highlights the need for collecting the right data and observability to improve security posture.

Takeaways

- Embedded manufacturers are not fully ready for new IoT security compliance demands.
- Regulatory frameworks like the EU's Cyber Resilience Act and the US's Cyber Trust Mark are coming into effect and will require certification of cybersecurity guidelines.
- Challenges include the uncertainty of the regulations, the additional costs and effort required, and the lack of established infrastructure and best practices.
- Recommendations for compliance include implementing OTA updates, using open-source software, adopting SBOM scanning, and ensuring observability of devices.
- AI is not currently a solution for compliance, but it may play a role in the future as more data is collected and analyzed.
- Joining the conversation around open-source products and following security best practices can help improve device security.

Chapters
00:00 - Introduction and Background
04:42 - IoT Security Compliance Demands
08:04 - Challenges and Readiness of Embedded Manufacturers
11:24 - Recommendations for Compliance
19:35 - The Role of OTA Updates and Open-Source Software
23:28 - Building Security Teams and Ensuring Observability
28:46 - Differences Between EU and US Regulations
35:20 - The Potential Role of AI in Future Compliance