Those who have tried to securely connect a manufacturing plant, a refinery or a multi-tenant building to the cloud understand that it’s a big leap to go from discussion to successful implementation. Ron Victor discovered this the hard way, and he used what he learned to found IoTium, a company that specializes in connecting legacy brownfield deployments to the cloud with minimal touch.
Victor’s company, of which he is CEO, sidesteps the operational technology (OT) vs. information technology (IT) discussion by providing a network operating system that sits on any gateway hardware. Connect one side of the gateway to the OT network and the other side to the IT LAN, and it acts as a secure conduit for OT and IT data to the cloud and back.
If it sounds simple, that’s kind of the point. It is. All that’s needed is a technician or someone else to be onsite to make the connections and it’s up and running. In theory, that means no truck rolls are required. It’s a classic service solution, in this case, network as a service (NaaS).
Once the gateway is connected, whether to an industrial network, oil rig or multi-tenant building, a customer can use IoTium’s Orchestrator to automatically authenticate, provision and configure a network’s infrastructure. Policies can be defined and used to determine what data needs to be sent, and where.
Overcoming IoT deployment inertia
For many engineers and technicians maintaining brownfield installations, the main emphasis is on keeping things running smoothly and consistently. Security isn’t a general concern, as most systems aren’t yet connected to the Internet. For IT, the goal is also uptime, as well as maintaining the necessary levels of security.
When the order comes to connect the two, both sides must overcome their natural tendency toward the status quo. Having a readymade solution to form those connections helps, especially when it comes to security.
IoTium’s iNode OS provides the security without requiring changes to firewall and proxy settings on the IT side, and that security is based on certificates and keys issued through a PKI. This eliminates the need for passwords and usernames for each building or facility. It is also a book-ended architecture, where both the source and destination points have iNode installed, so only those specific source and destination points can read the data (Figure 1). Data in motion is fully protected through tunneling.
Figure 1: IoTium’s iNode OS installs at the edge of the network, secures connections to the cloud and enables one-click application deployment using Orchestrator. (Image source: IoTium)
Even when IT is sure its facility is locked down, it often forgets that the easiest way to hack a network is to bribe an employee to insert a USB stick that installs malware or downloads specific data. Having data encrypted in transit, end to end, keeps this from happening.
What about data from multiple sensors? This too is kept isolated, and for good reason. In a facility that houses HVAC systems, motor control, pressure sensors, cameras and other operation and security equipment, a hack of one device or system can potentially undermine the complete network, up through IT.
A fairly recent example of the danger of this kind of hack occurred in a casino. An IoT-enabled fish tank was hacked and a casino’s network was left exposed, proving that all connected systems and data sources need to be isolated and encrypted.
While IoTium focuses on security and ease of use, its “virtualized edge platform” also includes features such as one-click deployment of new applications across tens or hundreds of facilities. This centralized deployment avoids having to go to each facility and use the classic command-line interface to add new data gathering, analytics or control functionality. All security updates and patches are deployed automatically.
In a multi-tenant building, multiple tenants can act upon the same data in real time, in complete isolation from each other, and each tenant can request specific services independently.
Bridging the IT/OT gap is a keystone element of a successful IoT deployment. Solutions like iNode, along with partnerships with specialists like IoTium, are a smart way to accelerate the migration to intelligent and secure IoT systems.