Connectivity is a core capability of the Internet of Things (IoT). Massive mobile network operator (MNO) investment in connectivity infrastructure has given the industry a strong market position. But this technology was focused on SIM cards in mobile devices, selling connectivity contracts to individuals. It is no longer just people, but now also devices connecting to the internet. At first glance the solution might seem simple: put a SIM card equivalent into an IoT device and have it connect to the internet. But this may not be ideal with challenges of scale and device constraints.
Options for low power, low bandwidth connectivity technologies ideal for IoT quickly proliferated. Names like LoRa and SigFox are examples.The telecom industry faces the challenge of trying to be more than a low margin carrier backbone. The answer to this challenge may emerge with 5G, and initiatives like LTE-M, NB-IoT, EC-GSM. Each has its own advantages and disadvantages, but the key idea to keep in mind is that one-size-does-not-fit all. IoT projects span verticals as varied as energy, utilities, transportation and smart cities. These are complex rollouts involving multiple third parties and a wide supply chain.
Telecom enterprises are looking further than just connectivity. They want to climb higher the value chain and offer value-add services to their customers. Once digital assets from IoT devices has been transported to cloud based analytics, data can be used to make better business decisions, cutting costs and providing new revenue streams. The future has arrived when it comes to new service delivery models based from the cloud. Entirely new business models are possible with IoT, but there remains another challenge to solve before this value can be extracted.
Need for Security
Traditional IT has witnessed the end result of designing systems without security as part of the original design. The financial industry has lost millions of dollars in cyber fraud. Health care has lost thousands of private patient records. On any given day we may see another headline with millions of credentials being stolen from another online entity. There is even speculation about the elections being influenced by malicious cyber attacks.
The verticals being serviced by telecom face similar attacks. The Mirai botnet has shown us that weak authentication for IoT devices is low hanging fruit for attackers. This is also true for automobiles and energy. We have been shown the scale to which IoT devices are connected to the public internet with weak authentication. Security will be a gating factor in IoT. The challenge is how to bring IoT products and related service delivery to market quickly, secure by design.
We can learn from the attackers. Whether in traditional IT or industrial OT environments, attackers have targeted weak identity security to accomplish their goals. If devices, applications and people can secure their identities the cost to the attacker to accomplish their goal rises dramatically. IoT devices should not be using username/password authentication. Automobile head units should not be authorized to send commands to the braking system. Data from a smart meter should have its integrity protected, and the destination of that data should be assured of where that data came from. Digital identities are vital to ensure these security functions.
Digital identities come in several forms. For IoT, long lived devices that live in high risk, high value environments ideally have digital identities with lifespans. This requires managed identity infrastructure, from the root of trust, to the issuance of the trust anchors, and throughout the lifecycle from pre-manufactured devices to post-installation and end-of-life. Identity lifecycle and policy management at scale requires a security solution that is built by experts.
Vital Characteristics of an IoT Security Solution
What are the characteristics of a security solution that can address the challenges facing telecoms in their bid to capture market share of IoT projects? From a technical standpoint, the security solution needs to provide data integrity from device to the enterprise data hub. The solution also needs to provide strong device authentication and policy based authorization.
The scale of projects will require the solution to begin the process of security early in the supply chain and also be able to provide security for finished IoT CoTS products. In the one-size-does-not-fit-all world of telecom projects, a security solution needs to be flexible in several ways. The security solution will need to be enable cloud base delivery as well as on-premise. The security solution needs to be agnostic to existing IoT platform, protocols and other siloed technology stacks.
Verticals such as energy, utility, manufacturing require rock solid uptime and reliability. Some cannot afford downtime to retrofit. Many IoT networks and devices will be constrained, or be a combination of brownfield and greenfield. Rollouts in these environments are a challenge to secure.
IoTrust is a security platform addressing the above challenges. Beyond technology, Entrust Datacard focuses on the business outcomes enabled by IoTrust. Decades of experience is complex security solutions means that Entrust Datacard can help bring your IoT product to market faster, securely.