Specifically, these enterprises are launching IoT-driven digital transformation initiatives that extend Information Technology (IT) from their data centers and offices to the Operational Technology (OT) assets they use in their factories, trucks, stores, ports, and elsewhere to create and deliver value to their customers. By using IoT applications to collect and analyze data from the gateways, modules and other edge devices attached to these OT assets, and by integrating that data into their IT systems, these enterprises generate insights that improve operational efficiency and productivity, create new revenue-generating services, and deliver better experiences to their customers.
Looming over these initiatives, however, is a threat: the very real possibility that malicious actors will compromise IoT applications and steal, expose, or destroy the valuable data they generate. Many enterprises fear another, perhaps greater threat: that the integration of their IoT applications with other IT systems could give attackers a path not just to IoT data but to other corporate data as well. The operational disruption, financial loss and reputational damage such an attack would cause are significant. For example, in 2017 attackers used a connected thermometer in a casino's aquarium as their foothold into the casino's network and exfiltrated sensitive data on its customers.
As this example demonstrates, enterprises that make the IoT central to their digital transformation strategies need IoT security technology that protects their IoT data at every stage: as it is generated by edge devices, as it is encrypted and transported across networks, as it is ingested and processed in the cloud, and as it is integrated with other corporate IT systems. Crucially, this security must be achieved affordably, without increasing the cost of these initiatives to the point where they no longer deliver a strong ROI.
Meeting enterprises’ need for a cost-effective, simple, yet comprehensive end-to-end secure IoT solution that prevents attackers from being able to access not just IoT data, but other corporate data, was one of the core drivers behind the development of Sierra Wireless’ new Octave all-in-one edge-to-cloud solution.
Octave was designed to orchestrate IoT data securely, protecting application data end-to-end: at rest, in motion and in use, whether it is on an edge device, crossing a network, or stored in the cloud. Octave was also built to protect that data not at a single moment in time but throughout the lifetime of an IoT application, evolving to counter new threats as they emerge.
By delivering a trusted IoT data chain that extends from edge devices, through network infrastructure, to the cloud and beyond (for example, to other systems of record that are fed IoT data via APIs), the Octave data orchestration platform minimizes the risk that a vulnerability in any one of these elements compromises the protection of an enterprise's IoT application or other data. Perhaps most importantly, it does so for far less time and money than an enterprise would otherwise spend building its own robust IoT security infrastructure.
How does Octave’s end-to-end approach to security enable OEMs, industrial organizations, and other enterprises to build trusted IoT data chains? How does it ensure that authentic, accurate data is securely collected from both new connected and legacy unconnected assets, empowering these enterprises to use this data to make better operational decisions and improve business efficiency?
Octave devices incorporate secure storage: sensitive data is encrypted with keys derived from unique random values embedded in the device's hardware, so the keys exist only on the device that wrote the data. An attacker who removes the flash storage component and mounts it on a different device recovers only ciphertext, because that device cannot derive the same key.
Once data has reached the cloud, Octave uses encrypted storage there as well, so that in the unlikely event an attacker infiltrates the cloud provider's data center and reaches the specific storage devices Octave uses, they find only encrypted data they cannot decipher. As with any encryption at rest, this protects against access to the storage media itself; the decryption keys, and the services entitled to use them, must be protected just as tightly, since anyone who can obtain them can read the data.
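The two paragraphs above describe device-bound encryption at rest: a key derived from a per-device hardware secret, so the same flash contents are unreadable on any other device. The following Go program is an added illustration of that principle and is not Octave's or Sierra Wireless' code. It assumes a hypothetical per-device root secret (constructed here as a byte string; on real hardware it would be unreadable by software), derives a purpose-specific AES-256 key from it with single-block HKDF-SHA256, and seals a flash record with AES-GCM, binding the partition name as associated data. Decrypting with a second device's derived key, or under a different partition label, fails authentication instead of returning garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed stand-ins for the unique random value burned into each
// device's hardware. On a real device this secret is never readable by
// software; it is only usable through the key-derivation hardware.
var deviceSecretA = []byte("example-device-A-unique-root-secret")
var deviceSecretB = []byte("example-device-B-unique-root-secret")

// deriveStorageKey turns the hardware secret into a purpose-specific
// AES-256 key using single-block HKDF-SHA256 (RFC 5869). The purpose label
// keeps keys for different uses (storage, attestation, ...) independent.
func deriveStorageKey(deviceSecret []byte, purpose string) []byte {
	// Extract: PRK = HMAC(salt, IKM). A fixed public salt is acceptable
	// here because the IKM is already a uniformly random secret.
	extract := hmac.New(sha256.New, []byte("example-storage-salt"))
	extract.Write(deviceSecret)
	prk := extract.Sum(nil)
	// Expand, first block only: T(1) = HMAC(PRK, info || 0x01) = 32 bytes.
	expand := hmac.New(sha256.New, prk)
	expand.Write([]byte(purpose))
	expand.Write([]byte{0x01})
	return expand.Sum(nil)
}

// sealFlash encrypts one flash record with AES-256-GCM. The partition name
// is bound as associated data so a record cannot be copied between
// partitions. Output layout: 12-byte nonce || ciphertext || 16-byte tag.
func sealFlash(key, plaintext []byte, partition string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(partition)), nil
}

// openFlash reverses sealFlash. A wrong key, a wrong partition label or a
// single modified byte fails authentication and returns an error.
func openFlash(key, blob []byte, partition string) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("flash record too short")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(partition))
}

func main() {
	keyA := deriveStorageKey(deviceSecretA, "flash-storage-v1")
	keyB := deriveStorageKey(deviceSecretB, "flash-storage-v1")

	// Device A writes its credentials partition.
	blob, err := sealFlash(keyA, []byte("mqtt-client-cert-and-key"), "credentials")
	if err != nil {
		panic(err)
	}
	// Device A reads it back.
	pt, err := openFlash(keyA, blob, "credentials")
	fmt.Printf("device A reads own flash: %q err=%v\n", pt, err)
	// Attacker moves the flash chip to device B: same blob, different root secret.
	pt, err = openFlash(keyB, blob, "credentials")
	fmt.Printf("flash moved to device B:  %q err=%v\n", pt, err)
}
```

The design choice worth noting is that nothing in the flash record identifies the key; the only way to obtain it is to run the derivation on the device whose hardware holds the root secret, which is exactly the property that makes the desoldered-flash attack unproductive.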
Octave devices block unauthorized access and combine secure firmware update, secure boot (each boot stage verifying the next before handing over control) and run-time storage integrity assurance, so that only authentic code from authorized sources can be installed or executed on the device. Mandatory access control 'sandboxes' applications so that one application cannot read data owned by another; an 'authentic' application compromised in the supply chain therefore cannot reach other applications' data.
Octave uses defense in depth to create a trusted IoT data chain. First, all Octave devices operate on a private network that only allows communication with the Octave cloud, preventing internet-based attackers from reaching, monitoring or intercepting Octave traffic. Second, all communication between device and cloud runs over encrypted tunnels with mutual authentication based on unique random credentials for each device, so that an attacker who does breach the private network can neither decipher the traffic they see nor impersonate a device or the cloud to the other side.
Security is a journey, not a destination. New vulnerabilities are disclosed almost daily, so the ability to deploy security updates is essential. Octave provides secure FOTA (firmware over the air) for all its devices, so you can maintain the security of your IoT deployment over time, and unlike systems that charge by the amount of data transferred, Octave does not add charges for deploying these updates.
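The secure boot and secure firmware update described above, and the FOTA updates in the paragraph just before this, rest on one gate: an image is only written or executed if it verifies under a key pinned in the device and is not an older build being replayed. The Go program below is an added example of that gate, not Octave's or Sierra Wireless' code; its image format (a 4-byte version followed by the payload, signed with Ed25519) is a constructed, hypothetical one chosen to keep the example short. It shows the four outcomes an updater has to distinguish: a genuine newer image, a genuine but older image (rollback), an image signed with a key the device does not trust, and a genuine image modified after signing.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// FirmwareImage is a constructed, minimal image format for this example:
// the signed region is a 4-byte big-endian version number followed by the
// payload, and the Ed25519 signature covers exactly that region.
type FirmwareImage struct {
	Version   uint32
	Payload   []byte
	Signature []byte
}

// signedRegion returns version || payload, the bytes the signature covers.
// Including the version in the signed region is what makes the rollback
// check below trustworthy: an attacker cannot bump the version field.
func (img *FirmwareImage) signedRegion() []byte {
	buf := make([]byte, 4, 4+len(img.Payload))
	binary.BigEndian.PutUint32(buf, img.Version)
	return append(buf, img.Payload...)
}

// signFirmware runs on the vendor's build system. The private key never
// reaches the device; only the public key is pinned in the boot ROM.
func signFirmware(priv ed25519.PrivateKey, version uint32, payload []byte) *FirmwareImage {
	img := &FirmwareImage{Version: version, Payload: append([]byte(nil), payload...)}
	img.Signature = ed25519.Sign(priv, img.signedRegion())
	return img
}

// verifyForInstall is the gate a secure bootloader or FOTA updater applies
// before writing an image: it must verify under the pinned vendor key and
// must be newer than the installed version, so an attacker cannot re-flash
// an older build that is authentic but carries a known vulnerability.
func verifyForInstall(pinned ed25519.PublicKey, img *FirmwareImage, installed uint32) error {
	if len(img.Signature) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	if !ed25519.Verify(pinned, img.signedRegion(), img.Signature) {
		return errors.New("signature invalid: image is not from the authorized key")
	}
	if img.Version <= installed {
		return fmt.Errorf("rollback rejected: image version %d is not newer than installed %d",
			img.Version, installed)
	}
	return nil
}

func main() {
	// Vendor key pair, generated here for the example.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// An attacker's key pair: they can sign, but the device does not trust it.
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)

	installed := uint32(7)
	good := signFirmware(priv, 8, []byte("firmware v8"))
	old := signFirmware(priv, 6, []byte("firmware v6 (vulnerable)"))
	forged := signFirmware(attackerPriv, 9, []byte("backdoored"))
	tampered := signFirmware(priv, 8, []byte("firmware v8"))
	tampered.Payload[0] ^= 0xff // one flipped bit after signing

	for name, img := range map[string]*FirmwareImage{
		"vendor v8": good, "vendor v6": old, "forged v9": forged, "tampered v8": tampered,
	} {
		fmt.Printf("%-12s -> %v\n", name, verifyForInstall(pub, img, installed))
	}
}
```

The order of the checks is deliberate: the signature is verified before the version is read, so the rollback decision is only ever made on a version field the vendor actually signed.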
This multi-layered approach to IoT security, which isolates edge devices, networks and cloud from one another, lets an enterprise fully control its trusted IoT data chain throughout the application's life-cycle, from proof of concept (POC) through development, deployment, maintenance and upgrades to final decommissioning. It protects their IoT applications, and the corporate systems these applications connect to, from compromise even as new types of cyber-attack and vulnerability emerge over the applications' lives.
All security comes with a trade-off between the robustness of the security system put in place and the financial, time, and resource costs involved in implementing this security. This is particularly true of the IoT, where the complexities involved in protecting edge devices, networks, and the cloud elements of an IoT application require deep levels of expertise not just in each element, but also in how they interact with each other.
Octave's trusted IoT data chain cuts through this complexity, enabling enterprises to orchestrate their IoT applications securely from industrial assets to the cloud over the application's entire lifetime, without the high costs that might otherwise slow or stop their IoT digital transformation initiatives. Empowered to protect their IoT applications, and the corporate IT systems those applications integrate with, from cyber-criminals, enterprises can move confidently ahead in using the IoT to re-imagine their businesses and their future.
Start with Sierra to find out more about how the Octave all-in-one, edge-to-cloud solution empowers you to securely extract, orchestrate, and act on data from your OT assets, from the edge to the cloud.