IoT is Your Next Data Silo – What Are You Going to Do About It?

5/5 (1)

5/5 (1)

The Internet of Things (IoT) solutions require data integration capabilities to help business leaders solve real problems. Ecosystm research finds that the problem is that more than half of all organisations are finding integration a key challenge – right behind security (Figure 1). So, chances are, you are facing similar challenges.

Challenges of IoT Development

This should not be taken as a criticism of IoT; just a wake-up call for all those seeking to implement what has long been test-lab technology into an enterprise environment. I love absolutely everything about IoT. IT is an essential technology. Contemporary sensor technologies are at the core of everything. It’s just that there are a lot of organisations not doing it right.

Like many technologists, I was hooked on IoT since I first sat in a Las Vegas AWS re: invent conference breakout session in 2015 and learned about MQTT protocols applied to any little thing, and how I could re-order laundry detergent or beer with an AWS button, that clumsy precursor to Alexa.

Parts of that presentation have stayed with me to this day. Predict and act. What business doesn’t want to be able to do that better? I can still see the room. I still have those notes. And I’m still working to help others embrace the full potential of this must-have enterprise capability.

There is no doubt that IoT is the Cinderella of smart cities. Even digital twinning. Without it, there is no story. It is critical to contemporary organisations because of the real-time decision-making data it can provide into significant (Industry 4.0) infrastructure and service investments. That’s worth repeating. It is critical to supporting large scale capital investments and anyone who has been in IT for any length of time knows that vindicating the need for new IT investments to capital holders is the most elusive of business demands.

But it is also a bottom-up technology that requires a top-down business case – a challenge also faced by around 40% of organisations in the Ecosystm study – and a number of other architectural components to realise its full cost-benefit or capital growth potential. Let’s not quibble, IoT is fundamental to both operational and strategic data insights, but it is not the full story.

If IoT is the belle of the smart cities ball, then integration is the glass slipper that ties the whole story together. After four years as head of technology for a capital city deeply committed to the Smart City vision, if there was one area of IoT investment I was constantly wishing I had more of, it was integration. We were drowning in data but starved of the skills and technology to deliver true strategic insights outside of single-function domains.

IoT Quote

This reality in no way diminishes the value of IoT. Nor is it either a binary or chicken-and-egg question of whether to invest in IoT or integration. In fact, the symbiotic market potential for both IoT and integration solutions in asset-intensive businesses is not only huge but necessary.

IoT solutions are fundamental contemporary technologies that provide the opportunity for many businesses to do well in areas they would otherwise continue to do very poorly. They provide a foundation for digital enablement and a critical gateway to analytics for real-time and predictive decision making.

When applied strategically and at scale, IoT provides a magical technology capability. But the bottom line is that even magic technology can never carry the day when left to do the work of other solutions. If you have already plunged into IoT then chances are it has already become your next data silo. The question is now, what you are going to do about it?

Emerging Technology
0
Encryption and IoT: Cybersecure by Design

5/5 (1)

5/5 (1)

As we return to the office, there is a growing reliance on devices to tell us how safe and secure the environment is for our return. And in specific application areas, such as Healthcare and Manufacturing, IoT data is critical for decision-making. In some sectors such as Health and Wellness, IoT devices collect personally identifiable information (PII). IoT technology is so critical to our current infrastructures that the physical wellbeing of both individuals and organisations can be at risk.

Trust & Data

IoT are also vulnerable to breaches if not properly secured. And with a significant increase in cybersecurity events over the last year, the reliance on data from IoT is driving the need for better data integrity. Security features such as data integrity and device authentication can be accomplished through the use of digital certificates and these features need to be designed as part of the device prior to manufacturing. Because if you cannot trust either the IoT devices and their data, there is no point in collecting, running analytics, and executing decisions based on the information collected.

We discuss the role of embedding digital certificates into the IoT device at manufacture to enable better security and ongoing management of the device.

Securing IoT Data from the Edge

So much of what is happening on networks in terms of real-time data collection happens at the Edge. But because of the vast array of IoT devices connecting at the Edge, there has not been a way of baking trust into the manufacture of the devices. With a push to get the devices to market, many manufacturers historically have bypassed efforts on security. Devices have been added on the network at different times from different sources. 

There is a need to verify the IoT devices and secure them, making sure to have an audit trail on what you are connecting to and communicating with. 

So from a product design perspective, this leads us to several questions:

  • How do we ensure the integrity of data from devices if we cannot authenticate them?
  • How do we ensure that the operational systems being automated are controlled as intended?
  • How do we authenticate the device on the network making the data request?

Using a Public Key Infrastructure (PKI) approach maintains assurance, integrity and confidentiality of data streams. PKI has become an important way to secure IoT device applications, and this needs to be built into the design of the device. Device authentication is also an important component, in addition to securing data streams. With good design and a PKI management that is up to the task you should be able to proceed with confidence in the data created at the Edge.

Johnson Controls/DigiCert have designed a new way of managing PKI certification for IoT devices through their partnership and integration of the DigiCert ONE™ PKI management platform and the Johnson Controls OpenBlue IoT device platform. Based on an advanced, container-based design, DigiCert ONE allows organisations to implement robust PKI deployment and management in any environment, roll out new services and manage users and devices across your organisation at any scale no matter the stage of their lifecycle. This creates an operational synergy within the Operational Technology (OT) and IoT spaces to ensure that hardware, software and communication remains trusted throughout the lifecycle.

Emerging Technology

Rationale on the Role of Certification in IoT Management

Digital certificates ensure the integrity of data and device communications through encryption and authentication, ensuring that transmitted data are genuine and have not been altered or tampered with. With government regulations worldwide mandating secure transit (and storage) of PII data, PKI can help ensure compliance with the regulations by securing the communication channel between the device and the gateway.

Connected IoT devices interact with each other through machine to machine (M2M) communication. Each of these billions of interactions will require authentication of device credentials for the endpoints to prove the device’s digital identity. In such scenarios, an identity management approach based on passwords or passcodes is not practical, and PKI digital certificates are by far the best option for IoT credential management today.

Creating lifecycle management for connected devices, including revocation of expired certificates, is another example where PKI can help to secure IoT devices. Having a robust management platform that enables device management, revocation and renewal of certificates is a critical component of a successful PKI. IoT devices will also need regular patches and upgrades to their firmware, with code signing being critical to ensure the integrity of the downloaded firmware – another example of the close linkage between the IoT world and the PKI world.

Summary

PKI certification benefits both people and processes. PKI enables identity assurance while digital certificates validate the identity of the connected device. Use of PKI for IoT is a necessary trend for sense of trust in the network and for quality control of device management.

Identifying the IoT device is critical in managing its lifespan and recognizing its legitimacy in the network.  Building in the ability for PKI at the device’s manufacture is critical to enable the device for its lifetime.  By recognizing a device, information on it can be maintained in an inventory and its lifecycle and replacement can be better managed. Once a certificate has been distributed and certified, having the control of PKI systems creates life-cycle management.

Cybersecurity Insights

1