Every industry from Retail to Healthcare and Finance is being revolutionized by technology, with a goal of creating a more rewarding and interactive customer experience. In the embedded systems world, which includes devices such as point-of-sale (POS) systems, self-checkout terminals, point-of-care medical modalities, ATM machines, thin-client computers and gaming systems, the market is being driven by the need for reduced time-to-market and the use of advances in hardware and software technologies to create a richer customer experience, while also keeping the total costs of ownership of the embedded system low.

Hiromu Yoshimoto, Manager Sharp Corporation

While embedded systems of the past used specialized hardware running proprietary software, there has been a shift in recent times towards standardizations such as Unified Point of Sale (UPOS) in the retail industry. Standardization has enabled devices to become increasingly interconnected and has allowed for the use of off-the-shelf software on commoditized hardware running commercial or open operating systems such as Windows XP Embedded, WEPOS, and Linux. These standards and general purpose operating systems have provided greater flexibility for software selection, faster time to market, and mid-cycle adoption of new technologies. This flexibility has come at the expense of unwanted software changes, security breaches and compliance challenges for these difficult-to-service embedded systems. It has become increasingly difficult to answer the question: Will your device operate in the field as shipped?

Similar to a PC in a networked environment, today’s embedded systems are susceptible to security risks, constant patching and the use of performance-draining anti-virus software applications. Embedded systems have also become vulnerable to unauthorized and inappropriate changes as they flow through a typical multi-party distribution channel, which often results in field breakage. These factors can lead to non-compliant devices as they operate in the field. And until recently, device manufacturers have not had control over what software is installed and by whom after the device leaves the manufacturing process, leaving no way to ensure the device will continue to work in the field as shipped.

Bob Tramontano, VP of Self-Service NCR - Financial Solutions Division

Solidcore change control technology for embedded systems offers the capability to enforce what is installed, uninstalled, upgraded, or modified to the base software image of a networked device in production in two distinct workflows. First, the software provides control as a device flows through its multi-stage manufacturing lifecycle and as various channel vendors attempt to install their own software. Second, it controls the state of a device once in production to ensure operational maintenance and support is conducted in accordance with the device manufacturer’s policies.

Say “Goodbye” to Anti-Virus

From a security perspective, Solidcore’s change control also helps control what can run, providing protection against existing and any unknown zero-day polymorphic threats. By acting as a “concrete wrapper” around the gold base image of an embedded system, the change control software can ensure a device in production is secure and cannot be compromised. And because any changes attempted by malicious code or unauthorized users are prevented, the need for anti-virus and other security software packages is eliminated. This lock-down mode helps eliminate emergency patching, reduces the number and frequency of patching cycles, and enables more time for testing before patches are deployed to in-production systems.

The runtime control element of change control software can also help reduce the cost of operations by reducing both planned patching and unplanned recovery downtime, thereby increasing device availability. This often becomes an ideal feature for difficult-to-service, remote and lower-margin devices running vulnerable commercial operating systems and applications. The capability can lower support costs by reducing the number of touch-points needed.

Hiroshi Komura, General Manager i-Appliance Division NEC Infrontia