VA SYD prisas av organisationen Smart Cities Connect för ett projekt som effektiviserar och förbättrar dricksvattensystemet genom att installera digitala vattenmätare hos kunder. Allt hanterat mha Yggio från Sensative.
IoT security is the act of securing Internet of Things services, systems, devices, and the networks they’re connected to.
Many cybersecurity solutions can be inherited from the security standards implemented in more traditional IT, but unfortunately, IoT is a mix of different technologies of different capabilities and ages. It also overlaps the Operation Technologies (OT) used in industries that earlier were protected since they lacked a connection to the outside world. This changes when introducing IoT, bridging the gap.
Sensative offers IoT cybersecurity solutions that ensure ZeroTrust protection of your valuable IoT data. However, IoT device protection is implemented (or not) by the supplier of those devices, so we recommend that you do a risk analysis when selecting sensors and actuators and their suppliers.
Modern IoT ecosystems are complex. Sensors and actuators can be connected and configured to send data over various networks to cloud applications and backends. The digital security risk is present at every step across the IoT implementation.
Unfortunately, diverse data types and often limited network bandwidth and computing power among IoT devices mean that you need different solutions to work in sync to protect the whole system.
Risk must be mitigated for the entire IoT lifecycle of the deployment, especially as it scales and expands geographically.
Most sensors and actuators are small and simple devices with minimal computing power, called constrained environments. They are also primarily battery-driven, and signaling must be kept to a minimum to save power.
These devices are more or less useless as an entry point in a more powerful hacker attack, but they are still susceptible to manipulation. In some applications, they need to have some physical protection if the data they provide is critical. For instance, an outdoor temperature might be mere information. In contrast, a temperature in an engine can be vital to preventing failures making it more interesting to manipulate if you want to cause damage.
IoT devices are highly reliant on the standard they implement. For instance, Sensative Strips have all the security measures provided by Z-Wave and LoRaWAN implemented.
Protecting the transportation of the data can be challenging depending on the characteristics of the chosen IoT standard. For example, some standards, like CoAP, lack entirely any security measures in themselves. Others support higher bandwidth and thus support extra security layers in the protocol stack, like 5G. And others, despite being narrowband, have strong end-to-end security implemented in its core, like LoRaWAN or NB-IoT.
They all come with different price tags to implement and operate, and they all have their eco-systems of devices and suppliers supporting them, limiting the freedom to choose the best device for a specific task.
This is the reality for which we have developed our Yggio Digitalization infrastructure Management System. First, to enable the customer to choose the best and most cost-efficient solution for a specific service. Second, to mix different technologies but still manage it securely through one interface and one API.
The central IoT platform is the most vulnerable part of an IoT system. This is where all data and automation control is aggregated and thus where you can do the most harm.
Sensative’s Yggio DiMS platform has some cornerstone capabilities for providing the security your solution needs.
Besides the admin interface, the end-user service or app is the prime entry point for a hacker. At the same time, it must be convenient to use for the less technical user. It is essential that the connection to the IoT platform is secure, that the access is strictly controlled using multi-factor authentication, end so on.
Yggio provides all these mechanisms, including IAM integration for corporate users.
The end-user data must also be protected from a privacy point of view. Read more here about how Yggio and Sensative support your GDPR processes.
A zero-trust security model is a way to design network security architecture that withholds access until a user, device, or even an individual data packet has been thoroughly inspected and authenticated. Even then, only the least amount of necessary access is granted. Zero-trust security can be summarized as “never trust, always verify.” Equating safety with “inside the firewall” is no longer acceptable.
All users must be authenticated, and each transaction, like data or device access, must be authorized.
When accessing Yggio through the API, you must provide an authorized access token in the request header. Otherwise, it will get rejected.
Access to data, sensors, and actuators is authenticated and authorized, with policy management and integration, e.g., LDAP and Active Directory.
Identity brokering and social login
Yggio can authenticate users with existing OpenID Connect or SAML 2.0 Identity Providers.
Yggio has built-in support to connect to existing LDAP or Active Directory servers. We can also implement your provider if you have users in other stores, such as a relational database.
TLS protects all communication on IP networks. Similar tunnels, DTLS, can protect some non-IP communication in more constrained environments.
All IoT standards differ regarding security protocols and principles if they have any at all. The Yggio integration layer, LENS, manages all these differences and makes it possible to add security to weaker protocols.
Yggio also supports the new OSCORE end-to-end encryption protocol for constrained IoT standards lacking security. This technology enables trust in IoT sensors or networks in otherwise untrusted environments. Using OSCORE, we can encrypt and protect data in an unbroken chain from an endpoint in the network through, for instance, gateways, public networks, and IoT platforms to a service and a user. However, this also prevents Yggio from accessing the information, meaning that some functionality will be limited, e.g., analytics and automation.
Your PDF download is now unlocked
Also, we have unlocked all services exclusive for the Sensative community