April 5, 2023

SaaS-based IoT Security Solutions

The advent of connected devices has brought about significant change in the technology industry.  We all accept that data is power – the more we know about our devices and users, the more effectively we can serve their needs.  The integration of connected devices has transformed several industries, including healthcare, transportation, and manufacturing. For example, where previously medical devices and data would be managed by expensive and disparate on-site technicians, with a secure connected network of devices, the management of data is centralized, streamlined, and gives rise to new opportunities and innovation.

However, it doesn’t take long in the design process before the security implications of connected devices are apparent. The data generated by these devices can vary drastically, from seemingly innocuous user preferences to real-time vehicle safety data and critical infrastructure sensor output. When significant business decisions are made off the back of connected device data, it’s of paramount importance that the integrity of the data can be verified.

Consider a typical industrial use-case – Oil and Gas sensors along endless miles of critical pipeline infrastructure. Tens of thousands of sensors continuously report pressure readings, flow rates, and potential leaks in the system. The decisions made on account of this data are hugely impactful, and very resource-intensive. But how can we be sure that every sensor reading we see comes from a genuine sensor reporting genuine data? Counterfeit devices are rife, and malicious network activity is commonplace in all industries. KeyScaler provides a secure and robust means of verifying and validating every device in your estate, and ensuring the integrity of the data collected. After all, if you can’t trust the device, you certainly can’t trust the data.

So how do we do it? 

In use since the 1980s, Public Key Infrastructure (PKI) is the system of cryptographic protocols, policies, and procedures used to manage the creation, distribution, and use of digital certificates and the private keys that underlie them. It’s the accepted way to secure network communications across the globe, but it takes some effort. Generating the private keys, submitting the request to a Certificate Authority, and managing the resulting certificates carry a significant amount of management overhead, and it’s not a one-off effort. The certificates need to be renewed and rotated. The more frequently the certificates are rotated, the more secure the device communication can be considered.

At Device Authority, we’ve been deploying the KeyScaler solution to secure connected device infrastructure for years.  The KeyScaler stack consists of several components that fully automate the process of issuing certificates to connected devices, and rotating those certificates as frequently as desired.  The KeyScaler platform allows administrators to define the device and certificate policies that are most appropriate for their use case.  Using a powerful framework-based approach is essential to facilitate automation, and as every use-case is different, we rely on our clients’ knowledge of their own devices and behaviour to understand what constitutes a “genuine” device.  Whilst the Device Authority team are the experts in Device Security, our clients are the experts on their own devices and usage.

Traditionally, the KeyScaler stack is deployed within the client infrastructure, sitting alongside the other enterprise components that manage the device base and provide the required administration functionality. As a result, the Device Authority team work closely with our clients’ infrastructure and IT teams to deploy our software within their private datacentres. This approach requires close collaboration and an extended project timeline, while we educate and train IT teams to manage and support the KeyScaler software stack. However, it’s not always desirable or feasible to dedicate these technical resources, or to bear the up-front costs of the infrastructure required. As a result, we’ve developed our KeyScaler-as-a-Service platform – KSaaS.

KSaaS facilitates the instant deployment of a secure and robust KeyScaler environment, without any of the up-front costs or resources associated with on-premise infrastructure.  There’s no need for involvement of IT teams or Infrastructure approval, nor the ongoing support and maintenance resources normally required for on-premise software deployments.  Furthermore, employing a SaaS delivery model means that our clients can start with the minimum device-base, and scale up the subscription as their business grows.  The KSaaS platform is infinitely scalable – there is no upper limit; thus no need to plan your infrastructure upgrade strategy as your device count increases.  This approach fosters innovation, and the flexibility to accommodate the dynamic nature of today’s technology businesses.

So what effort is required, once an instant KeyScaler environment is deployed?

Well, that depends on the use-case. As previously mentioned, we’re not the experts in our clients’ devices – we’re the experts in securing them. With the simplicity of the SaaS model, and our comprehensive documentation and online tutorials, our clients need only focus on the decisions that matter to them.  What device identifiers do you want to use? How often do you want to rotate the certificates? What encryption algorithms and certificate types do your other systems expect?  These are the questions that drive your business decisions, and the consultants at Device Authority are always on hand to offer advice, and impart the experience we’ve attained through the many years of running these projects.

How instant is “instant”?

We capitalize on the accessibility of the Azure Marketplace to deploy KSaaS environments. We’ve deeply integrated our KSaaS platform with the Marketplace to facilitate license management and invoicing, as well as one-click deployments of Free Trial environments. Incredibly, our clients are now able to deploy a new environment, connect their devices, and experience the full power of Certificate Lifecycle Management in less than an hour. Step-by-step tutorials are provided, alongside our expert support and consultancy teams, to ensure the full value can be realized with the minimum possible effort.

Don’t believe me? Click here and try it for yourself (with zero commitment).

It’s a very exciting time for IoT security – we’re developing new architectures and technology every day, to genuinely push the industry forward.  Stay tuned for the next blog post to find out how we’re doing it.

Ben Benson