Internet of things: Finding security in the cloud

Technology Update: So what’s the best tool for implementing security and locking down our devices? The answer is the cloud. The cloud doesn’t have to be insecure or expensive; centralized data collection and management is the key to securing Internet of things devices.

08/01/2014


Cloud-based computing offers manufacturers specific advantages. Courtesy: Control Engineering

The cloud has the potential to help, more than hurt, cyber security for connected devices, the Internet of things (IoT). With all of the talk about the security, or insecurity, of the IoT, there's one thing we can agree on: security is both complex and critical. In the next five years, the Internet will become a larger global connection of computers, as well as an interconnection of everyday devices collecting data on their surroundings. With over 20 billion connected devices estimated in use by 2020, information and data will become ubiquitous, and our future applications will easily gather data from any source.

So what's the best tool for implementing security and locking down our devices? The answer is the cloud. Some would have us believe that the cloud is insecure and expensive, but I'm here to tell you that both of those accusations are not true. In fact, centralized data collection and management is the key to securing IoT devices. 

Centralized management

When a company or individual is trying to manage thousands of devices independently, it's not going to be easy. One strategy for monitoring and securing connected devices is to centralize them; a central repository provides the ability to see how all devices are working, and allows a successful shift of security intelligence from each field or device into the cloud.

While the cloud may be an aggregated layer, it also delivers greater intelligence. In other words, rather than the cloud being a tempting target for hackers, it's very secure and can protect itself against attacks. The cloud delivers continuous monitoring of all devices and the capability to turn off web services with a click of a button so that the devices are no longer listening to the Internet, thereby mitigating risk. By shifting security from individual purpose-built devices to the cloud, you actually have more controls and functions over each individual device. Another benefit of the cloud is its cost-effectiveness: by deploying the right tools to predict malicious activities and identify patterns, security increases while cost decreases, because individual devices can do only so much on their own without driving huge costs. Many devices working together en masse in the cloud is "smart."

Refrigerator attack

For example, if someone attempts to attack your connected refrigerator, you can monitor that activity from the cloud and mitigate the risk. If the cloud manager notices abnormal activity, such as a user logging in from a remote area, the refrigerator can quickly be disconnected from the Internet and stop sending out data.

This diagram shows the IoT device control channel flow. In this model, IoT devices report to a cloud service. Since the connection flow is from the device TO the cloud, there is minimal need for device management services to be running on the device expos

Another recent example is the Heartbleed vulnerability. Devices using OpenSSL were at risk; however, if those devices were running from a device cloud, you could turn off your web services and immediately stop your devices from listening on the Internet, so the device was not exposed to the threat.

This process is very similar to what happens in an IT server room: when an attack on a computer or network server is exposed, there are tools that IT personnel are able to quickly deploy to combat the attack. In a cloud environment that is aggregating data, it is possible to look for the same warning signs and respond just as if it were a server. By connecting devices to the cloud, specialized protection is easy, accessible, and behind the scenes.
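The flow described in this section, sketched as an added example (not code from the article or from any Digi product): the cloud flags a login from an unfamiliar region and queues a lockdown that each device collects on its next outbound check-in. The class names, the `disable_web_services` command and the sample regions are hypothetical.

```python
from collections import defaultdict

# Constructed sample data: usual login regions and device inventory per account.
KNOWN_REGIONS = {"home-owner": {"US-MN"}}
DEVICES = {"home-owner": ["fridge-01", "thermostat-02"]}

class DeviceCloud:
    """Hypothetical cloud manager; devices poll it, it never dials in to them."""

    def __init__(self, known_regions, devices):
        self.known_regions = known_regions
        self.devices = devices
        self.pending = defaultdict(set)   # device_id -> queued commands
        self.alerts = []                  # (account, region) pairs to notify on

    def record_login(self, account, region):
        """Return True for a normal login; otherwise alert and queue a lockdown."""
        if region in self.known_regions.get(account, set()):
            return True
        self.alerts.append((account, region))
        for device_id in self.devices.get(account, []):
            self.pending[device_id].add("disable_web_services")
        return False

    def check_in(self, device_id):
        """Called by the device over its own outbound connection; drains its queue."""
        return sorted(self.pending.pop(device_id, set()))

class Device:
    def __init__(self, device_id):
        self.device_id = device_id
        self.web_services_enabled = True

    def poll(self, cloud):
        """Fetch queued commands and apply them; no listening service is needed."""
        for command in cloud.check_in(self.device_id):
            if command == "disable_web_services":
                self.web_services_enabled = False
        return self.web_services_enabled

def run_demo():
    cloud = DeviceCloud(KNOWN_REGIONS, DEVICES)
    fridge = Device("fridge-01")
    cloud.record_login("home-owner", "US-MN")       # usual region, nothing queued
    before = fridge.poll(cloud)
    cloud.record_login("home-owner", "XX-REMOTE")   # constructed unfamiliar region
    after = fridge.poll(cloud)                      # lockdown picked up on check-in
    return before, after, cloud.alerts

if __name__ == "__main__":
    print(run_demo())
```

Because the device only receives commands when it checks in, the polling interval sets the upper bound on how quickly a lockdown takes effect.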

Another key factor tied to the IoT and the cloud is secure password protection. You should have one centrally managed password to best protect your devices. With one central password, the tools, auditability, and security are managed much more effectively in the cloud, which drives home the concept of identity. If someone gains access to the account, you are notified immediately and can lock down all devices.

Cloud protection

Donald Schleede is senior information security engineer / CISSP, director, Device Cloud by Etherios Security Office, Digi International. Courtesy: Digi International

It's not if, but when an Internet-connected device will be attacked. If you want real protection, you must connect your devices to the cloud. With the cloud, you have the technology and capabilities to freeze and lock out all devices that are under attack within seconds. The ability to remotely update security functions is one of the main benefits of cloud-connected hardware. If devices are connected to the cloud, a simple fix can be applied to ensure devices are secure. As the IoT continues to grow and develop, security must be considered at every point throughout the network. Connecting your device to the cloud fulfills this need and can be used to deliver security to your devices and keep data secure.

- Donald Schleede is information security engineer at Digi International. Edited by Mark T. Hoske, content manager, CFE Media, Control Engineering, mhoske@cfemedia.com.

ONLINE

www.controleng.com/archives in August has more information with the online version of this article.

Key concepts

  • As the Internet of Things expands, cyber security must be considered at every point. 
  • Connecting devices to the cloud can deliver security to your devices and keep data secure.

Consider this

Would the cloud-based tools described here help lower your device cyber security risk? 

ONLINE extra

Don Schleede: Donald "Don" Schleede, CISSP, is a senior information security engineer working for Digi International. He has held positions as a software developer, IT operations director, and IT security architect. Schleede's areas of expertise include Unix security, network security, and web application security. Today, he works with devices and the Internet of Things in conjunction with device cloud security.

About Digi International: Digi International combines machine to machine (M2M) products and services as end-to-end solutions to drive business efficiencies. Digi provides the industry's broadest range of wireless products, a cloud computing platform tailored for devices and development services to help customers get to market fast with wireless devices and applications. Digi solutions are tailored to allow any device to communicate with any application, anywhere in the world, the company said.

www.digi.com 


