Hima Mukkamala, the senior vice president and general manager of IoT Cloud Services at Arm, tells George Malim that device management is critical for organisations that deploy IoT devices, collect their data on-premises or in the cloud, and analyse it for business use. However, as device volumes increase and the sheer diversity of IoT applications and devices fragments the landscape, IoT device management is becoming far more complex than the traditional discipline of enterprise IT device management. What’s needed is a set of tools, processes and disciplines to manage the volume and variety, while also ensuring ease of use, validity of data and security.
George Malim: We’ve all seen the projections of IoT hitting hyperscale in a very short time from now and this has an obvious impact on the number of devices that organisations will need to manage. What do you see as the challenges of managing the sheer volume of devices?
Hima Mukkamala: I think that the volumes to date haven’t gone quite as projected, but we’re starting to see IoT hit that inflection point that the industry has been talking about, as organisations are beginning to obtain value from IoT. There are definitely challenges – including the diversity of devices and use cases, security concerns and complexity – that have held back some of the growth.
Every use case places a specific requirement on the IoT device and the network, which can make scaling difficult. On the security side, there’s a lot more visibility into and awareness of the issues, but the challenge is in making sure devices and data are secured throughout the device lifecycle journey, especially as organisations add more infrastructure and solutions to their environment, such as moving data to the cloud, outside of it and at the edge.
Another important challenge is that, as more is added to existing workflows and processes, the landscape becomes more complex. That will continue as volume ramps up.
As many of the use cases start from the factory in siloed environments, it can often be difficult to change the devices later.
GM: Beyond management of the devices themselves, the next and probably greater challenge is managing the data the devices will generate. How can organisations put in place a successful strategy for device data management?
HM: When we talk about device data management, it’s a combination of digital and physical device data. Physical data is the data coming from devices, but the outcomes that enterprises care about are achieved by combining this with their existing digital data so we need to look at solutions that can handle physical and digital data. Pure physical data gets siloed and doesn’t deliver meaningful insights.
The second aspect of device data is that it should be trusted data. If data cannot be trusted there’s a risk of generating wrong insights. Therefore, enterprises should look for IoT solutions that include a means to ensure data is trusted.
With our Pelion Data Management we address how to bring all the heterogeneous sources of data together. This is important not only in combining physical and digital data, but also because deployments tend to be in brownfield situations where organisations need to manage existing devices in addition to new devices. Pelion Data Management also enables enterprises to obtain trusted data, as the data is encrypted both at rest and while in transit.
GM: For most organisations there won’t be just one type of IoT device to manage so how will organisations approach device management in a way that encompasses the diversity of devices involved?
HM: One of the successful strategies that has evolved in the market, especially covering brownfield environments, is the notion of putting a gateway in the middle so that old devices can be connected. Don’t forget, in some industrial environments devices stay in place for 40 years and don’t change.
In some cases, the volume of data is so great that it is not cost effective to send it all to the cloud. There is a trend towards using gateways in these deployments as well to enable a lot of the processing to be done in multiple layers – so some of the processing can be done in high-end cloud and data processing environments, while other processing can be done at the edge. The aggregation point is starting to change.
Enterprises want some of the devices to be managed on premises – i.e. without using a cloud. Also, the diversity means that customers don’t want to deploy solutions that constrain them to a particular device. They want an operating environment that can manage any device, any network and any cloud.
GM: Where do you draw the line in Arm’s characterisation of devices to be managed? Do you see system-on-chip (SoC), for example, as a form of device?
HM: Absolutely, we address a broad range of device types – ranging from ultra-constrained to full-featured – that may be powered by SoCs, low-power microcontrollers and others. We take a device agnostic approach to managing and updating all of these different devices. Also, while customers are deploying Arm-based devices, we recognise that not all devices will be Arm-based. We are able to support our customers with the solutions to manage any device, providing them with the flexibility that is needed to scale their IoT deployments.
In addition, one of the trends we’re moving towards is integrated SIM (iSIM), where the SIM is built into the system-on-chip. This is the next evolution of eSIM, and both provide the ability to switch between networks. The value in iSIM and eSIM is that organisations can manufacture the device in one location and ship anywhere in the world, providing local connectivity.
Arm’s value in the market is in removing complexity and friction in how these devices are managed and connected. iSIM will bring innovation and freedom to integrate connectivity into a broader range of devices.
GM: IoT device security is at the top of everyone’s mind and the risks seem well understood. How is Arm ensuring that its device management capabilities will perform the critical security roles required of them?
HM: We believe security is critical for IoT to scale, and Arm is providing device-to-data security through our intellectual property, Mbed OS IoT operating system, device management, connectivity management and data security capabilities.
Our Platform Security Architecture (PSA) initiative that we announced back in 2017 defined a framework to bring best practice approaches to IoT security. To expand upon that, we launched PSA Certified earlier this year, which delivers independent security testing, and trust to the market that devices are built securely from the ground up.
Our free open-source IoT operating system, Mbed OS, is also PSA Certified, and helps developers build IoT devices that have a secure foundation. Mbed OS is seamlessly integrated with our Pelion Device Management, which provides security from development to onboarding to management in the field to finally decommissioning the device.
Another critical capability from a device management perspective that we enable is secure over-the-air firmware updates for patching vulnerabilities and keeping devices up-to-date. This is critical as devices can be out in the field for several years, and it’s simply not feasible to manually update every single device.
The security for a consumer electronics device is different from a utility and so on and so forth. Our approach is to simplify the development and management of devices and provide the security regardless of the customers’ requirements.
We are also complying with other certifications such as ISO27001 and SOC 2, which are important in securing the credentials as data moves from the device to the cloud.
Security isn’t just one initiative. It needs to be a combination of enterprise security, device security and network security.
GM: To what extent do you see device management as a security tool or discipline?
HM: There are a lot of parallels with the enterprise IT world and also in mobile. When we first started using laptops, they were new devices accessing the network, and there were no best practices for potentially installing or using untrusted applications. Over time, management tools came in to help mitigate some of these risk factors and make it more difficult to install things on your device.
However, things diverge in IoT. While endpoint management was easy from the enterprise perspective, in the case of IoT, device management can be challenging due to the diversity of devices from ultra-constrained to large gateways and everything in between. IoT device management is a critical part of maintaining the device lifecycle and enabling organisations to securely abstract insights from the data. It is also managing the app credentials and app provisioning in gateways, and needs to take into account how the device is onboarded and how it goes through manufacture to distribution and to the end user.
Overall, security is a big part in enabling the scale to reach the trillion devices that are expected by 2035, and device management will play an important role. Device management is both a discipline and a tool; the tools make sure the discipline can be performed effectively.
GM: The security of device data is of equal importance. How is Arm working to support this?
HM: Looking back at the parallels between IoT device management and enterprise device management the goal is to create a trusted environment and to ensure the data within it can be trusted. Breaches in the chain of data can lead to untrusted data so data must be validated by working closely with data management technology to ensure it is uncompromised end-to-end, at rest and in motion.
Also, it’s not just about the data. Organisations need to ensure that the right processes are in place so that only the right people within the organisation have access to the device. They can do this with solutions such as Pelion Device Management Secure Device Access.
GM: Please can you explain how Arm’s Pelion Device Management has been designed to address the twin challenges of handling immense device volumes and the data they create?
HM: Fundamentally, if you look at the challenges associated with handling the volume of IoT devices and data, having scalable protocols is of immense importance. This is because organisations need to be able to move the right data without using a huge network footprint.
We’re helping customers scale their IoT deployments to billions of devices through our Pelion IoT platform. On the pure device side, we’re giving options to customers in terms of how they deploy infrastructure. This could be through highly available local clouds for organisations working with high volumes of device data. For example, a firmware update can be done intelligently, at the right time rather than swamping all devices when they’re busy. We can also do delta uploads of specific parts of firmware to be updated rather than pushing to all. We additionally have Pelion Device Management Edge, a gateway solution that can help customers offload some of the scale and processes at the edge, so only some of the data is pushed into the cloud.
GM: How do you see the market developing between cloud-based and on-premises approaches? What do you see as the relative merits of each?
HM: It’s an ‘and’ game. We will see a hybrid of cloud and on-premises approaches. Readily available public cloud infrastructures have helped organisations deploy products quickly, reduce upfront capital costs and provide an excellent platform to test the waters and experiment on how a variety of different products and use cases could be brought to life on a small scale.
However, at least in some cases, when it comes to production-level deployments, an on-premises option may be more suitable. For example, utilities use cases often need to deploy in on-premises environments in order to comply with industry regulation. I think it’s fair to say that this fragmented landscape, combined with bespoke use cases are emerging as areas where hybrid can solve the challenges associated with the abundance of devices that are arriving in deployments.
There are variations of these scenarios in virtually every customer deployment. That’s why it’s an ‘and’ game – each approach has its own benefits so, in general, the whole cloud compute market is adopting a hybrid approach.
GM: Is the need to scale-up stimulating interest in device management?
HM: The need to manage a large number of devices does stimulate the interest in device management. Every IoT device is managed by the appropriate service. Managing a small deployment of devices with little or no security is simple; managing a large number of devices with robust security from the production line and throughout the device lifecycle with secure software update is a complex task. Companies want to outsource that complexity and concentrate on their unique value-added application in the device and in the cloud.