Two of the big issues with the Internet of Things (IoT) are security and manageability. The problem is that the endpoints have to be both light and cheap, yet with increasing intelligence to handle the functions needed in order to lower the bandwidth requirements of the solution. This is true particularly with things like security cameras, which have far higher bandwidth requirements but increasingly includes, by sheer mass, the number of sensors that are being remotely distributed.
Much of the focus has been on the IoT devices, with some emphasis on-premises hubs to connect them. But this has resulted in problems that these hubs cannot seem to properly address, like delivering updates to the vast wealth of existing connected devices that aren’t standards compliant and yet represent much of the existing infrastructure. I’ve felt for some time that what was needed was a cloud-based backend, both so emerging security threats can be addressed in a timely manner and so that control and patching can be adequately handled without forcing an overly rapid replacement cycle on the hubs.
At RSA, Microsoft announced the Microsoft Azure Sphere, which seemed to be almost identical to what I had been thinking was needed. I think this is potentially a game changer for the IoT. Let’s talk about that this week.
Defining the IoT Problem
The IoT has a lot of problems. One of the biggest issues is that the existing infrastructure largely remains proprietary and dominated by vendors who build everything from HVAC systems to elevators but don’t believe in interoperability yet. New vendors that do tend to be small and not perceived as enterprise class, which means the move to standards-based systems has been far more glacial than I think most anticipated. We are adding things like connected security cameras and sensors at accelerating rates and so desperately need a way to monitor, secure, update and patch them. Unfortunately, this lack of commonality is creating a huge, largely unmanageable, mess. The result is that the smart IoT deployments tend to be forklift upgrades, where much of the existing infrastructure is ripped out and replaced with a single vendor solution that can be reasonably managed. More common mixed ecosystems become unmanageable messes with outages and security exposures no one wants to talk about.
One of those security exposures is when an IoT device is forced off the network and a rogue clone element is interjected. The network doesn’t know the difference and the site isn’t running something like Varonis to catch the behavior change.
One of the recent visible results of this was a casino that was breached through the pump in its aquarium. Like a lot of sites, this casino didn’t have a network dedicated to IoT and the information surrounding its most valuable customers, the high rollers, was stolen. Whether this was done for business advantage or to steal the identities of these high rollers is unknown, but this beach clearly did a ton of damage to the casino’s reputation and revenue.
What was needed is a solution that could deal in real time with threats, could eventually fix the compatibility problem, and could provide for timely updates and patches.
Microsoft Azure Sphere
Microsoft Azure Sphere looks ideal, with one exception. It does require a specialized microcontroller, Microsoft Certified Microcontroller (MCU) in this case, at the endpoints. This means, for full implementation, you will have to rip and replace what exists. But this is because, like what happened to the casino, you need a way to confirm and authenticate the device to the network, otherwise, a rogue clone device could breach security. This is equivalent but more secure than giving the device an ID and password for access. Interestingly, this concept came out of Microsoft’s Xbox division, likely because of anti-piracy efforts.
The second part of the solution is a secure real time OS (RTOS), which then helps make sure that patching and updates are massively simplified, assuring that updates are made in a timely manner. Interestingly, this uses a custom Linux kernel. This also supplies security in depth for the remote device, making it far harder to hack.
Third, and finally, is the Azure Sphere Security Service. This is the part I’d been waiting for. It centrally controls the devices, helps assure patches and updates are delivered in a timely manner, and makes sure no rogue or cloned devices make it onto the network.
This has implications that bridge enterprise and home use and will allow vendors to service things like refrigerators and ranges more easily as well as operate within the enterprise. Advocates at the launch included Sub-Zero, which makes high-end refrigerators, and Wolf appliances, which are often downgraded in reviews for reliability issues. This technology could massively improve the reliability for appliance vendors that use it.
Wrapping Up: Microsoft Steps Up to the IoT Problem
When we started with the IoT it was all about the devices: lots and lots of devices. This isn’t unusual. Things like management and control tend to drop onto the back burner when companies get excited about selling massive numbers of parts. But that has quickly become untenable and the need to address both the management and security of these devices has become far more critical to the solution.
Hardware vendors initially responded with intelligent hubs, but this wasn’t an ideal solution even though it attempted to better deal with the mess of hardware that already existed. They could handle control, but security, patching and updates remained a problem. I’d actually believed that Amazon and AWS would get this first, but Microsoft came from the outside and delivered the Azure Sphere instead, surprisingly stepping up to this critical need. It may help explain how Microsoft passed Amazon for the second most valuable company in the world recently.
Rob Enderle is President and Principal Analyst of the Enderle Group, a forward-looking emerging technology advisory firm. With over 30 years’ experience in emerging technologies, he has provided regional and global companies with guidance in how to better target customer needs; create new business opportunities; anticipate technology changes; select vendors and products; and present their products in the best possible light. Rob covers the technology industry broadly. Before founding the Enderle Group, Rob was the Senior Research Fellow for Forrester Research and the Giga Information Group, and held senior positions at IBM and ROLM. Follow Rob on Twitter @enderle, on Facebook and on Google+