Potentially billions of IoT devices have to be securely deployed and managed from the chip right through to the data, whether that’s on-premise, at the edge or in the cloud. Antony Savvas explores device management throughout the device lifecycle.
When it comes to device management, the challenges are about far more than initial configuration and setup; they are about the ability to mitigate problems and flexibly change functionality during the life of the device, which could be deployed in the field for more than a decade in some IoT areas. While managing IoT devices and managing data from IoT devices are two related but separate issues, ultimately, good device management can underpin an organisation’s successful data strategy.
That said, it is clear that the industry has a challenge on its hands. With the onset of digital transformation, the volume and diversity of connected devices in enterprises today have increased drastically. And while this might help companies introduce operational efficiencies into the workplace, it also leaves huge security gaps for those that are unaware of the pitfalls of poor device management.
According to security vendor Forescout, it can be estimated that any business undergoing digital transformation has about 30-60% more devices on its network than the IT department actually knows about. Chris Sherry, the regional vice president of EMEA North at Forescout, says: “Naturally, when asked to imagine devices in the workplace, most people immediately think of smartphones and laptops. But what about the printer that sits in the corner of the office, or the surveillance camera monitoring the car park? Not only that, but development in industrial IoT (IIoT) has meant that operational technology such as sensors, actuators, controllers and even light switches are all becoming IP-enabled too despite the fact they were never intended to be. As a result, IT teams are scrambling on how to account for them and manage them.”
Sherry says a major factor to overcome is that different lines of business don’t see eye-to-eye on what the management strategy should look like. “To gain full control and visibility of all devices on a network, enterprises need to use tools that consolidate them into a single, unified device visibility and control platform. It is all about IT asset management (ITAM) with better streamlined visibility and automation,” he says.
Manfred Kube, the head of communications, analytics and IoT Solutions at Thales, says: “For most IoT use cases, it is virtually impossible to send regular physical maintenance workers to each and any device as this would be time consuming and kill your total cost of ownership (TCO).”
Kube adds that the most efficient approach is to use analytics tools that monitor IoT devices remotely and address challenges in real time. Companies must deploy integrated and connected hardware solutions, plus strong encryption schemes, to ensure efficient management and tight security, so that devices can be patched with the latest software, firmware, applications and security updates and can evolve to support new use cases in the years ahead.
To help deliver what is required, a number of IoT providers are building ecosystems to enable comprehensive solutions that address all segments of the market. This includes the involvement of the big cloud service providers Google, Microsoft and Amazon, which have tailored solutions. Each of these three can help partners and customers to securely provision, authenticate, configure, control, monitor and maintain all of their IoT devices.
The importance of addressing the evolving edge networking environment is also coming into play. IoT devices will increasingly be located closer to customers at the edge to help reduce latency, for applications such as 5G, artificial intelligence and driverless cars.
From a device management perspective, the biggest problem is going to be updates. For most large organisations, it’s hard enough to keep every desktop and laptop device up to date, let alone the addition of hundreds of new devices at the edge of a network.
The evolving ecosystems to support IoT device lifecycle management can be illustrated by the approach Arm has taken. Its Pelion Device Management aims to provide simple, secure and flexible IoT management capabilities for a range of device profiles. Multiple deployment configurations are available to suit the customer’s needs, including cloud and edge options, an on-premise solution with cloud-like capabilities or a hybrid of the two.
About a year ago, Arm acquired Treasure Data and combined its data management technology with the Arm Mbed Cloud solution and with connectivity management technology from its acquisition of Stream Technologies, to launch the Pelion IoT Platform.
The Pelion IoT Platform consists of three major components: device management, covering provisioning, identity and access management, and updates; connectivity management, to support wireless connectivity standards for any device and the enablement of eSIM secure identification; and data management, for the analysis of trusted data from individual devices and from enterprise-wide and third-party big data deployments.
When considering any solution, though, it is also important to consider standards and best practice, which is something that non-profit organisation GlobalPlatform is supporting.
Driven by around 90 member companies, the organisation develops international standards for enabling digital services and devices to be trusted and securely managed throughout their lifecycle, when deployed in the payments, telecoms, transportation, automotive, smart cities, smart home, utilities, healthcare and government sectors.
Gil Bernabeu, the technical director at GlobalPlatform, says: “Many connected devices – such as connected cars and machinery – could have lifecycles spanning decades. Effective device lifecycle management is therefore essential for the security and functionality of all IoT devices and their networks. Devices that cannot update their software, permissions, firmware and security in-field should not be brought to market in the first place.”
A clearly defined process to manage device end-of-life is also fundamental, says Bernabeu. Whatever the device and whatever the environment it is functioning in, it is clear that its deployment and on-going management have to address key fundamentals to deliver the full benefits.