Securing the IoT Gateway

 
December 12, 2016

Like several other domains, Utilities too has embraced the Internet of Things (IoT). For Utilities, specifically the power sector, the IoT has infused life into inanimate objects. Intelligent power grids accurately predict demand and route power efficiently. Electrical meters are becoming smarter, tracking real-time energy consumption and proactively driving energy-saving initiatives. Smart switches and motion-detection-based automatic lighting are some popular instances of innovative energy solutions that are very quickly becoming part of our everyday lives.

However, these smart devices, besides operating under extreme and isolated conditions, must also generate and exchange data between themselves and with enterprise systems. This data exchange is driven through an IoT gateway, which collects, collates, and sends data from grids and meters to the IoT cloud for further processing.

Similar to the firewall-protected network gateway, which routes traffic between internal and external computer networks, an IoT gateway is the meeting point of IoT devices and enterprise systems. Just as the network gateway is protected with a firewall, the IoT gateway too must be shielded against intrusions, attacks and trojans. The reason is simple: IoT gateway downtime would mean lost device and systems connectivity, which in turn could render the Utility service out of action.

Don't Re-invent the Security Wheel

While devising security strategies, IoT practitioners in the Utilities industry must build on traditional network security principles and best practices. The security wheel for the IoT need not be re-invented. Through this post, I'll draw a parallel between network and IoT gateways, and explain how security practices can be leveraged.

The first lesson (or best practice adoption) is standardization. Computer networks are addressed and segregated using the standardized IP address system. Similarly, most web browsers ensure interface consistency through standard interpretation and rendering of HTML tags and cascading style sheets. IoT gateways too need standardized communication protocols. From the IoT perspective, the Open Standard Platform (OSP) and Open Service Gateway Initiative (OSGi) are good starting points. Based on the popular Java Virtual Machine (JVM), these frameworks use plug-ins to facilitate modular and remote software development for embedded systems, a key requirement for IoT development.

Next is remote software deployment. With most IoT gateways remotely located, software updates must be deployed (or pushed) at regular intervals, over secure network tunnels. Does VPN ring a bell? The software deployed remotely must also be tested under a simulated environment: a virtual gateway operating in a testing or lab environment. Yeah, you guessed it right: the rules of provisioning on-demand environments using service virtualization come into play. An interesting example that comes to mind is Kura, an OSGi- and JVM-based application framework for machine-to-machine communication. Kura enables remote testing of services deployed to IoT gateways. Although still under incubation, Kura's ability to lab-provision simulated gateway software, and drive testing with varied input and output combinations, holds promising potential for IoT gateway assurance.

The IoT ecosystem of the future will comprise multiple service providers and systems integrators, all coming with their own proprietary applications and devices talking to each other via API calls routed over multiple IoT gateways. Now imagine exposing your application and database APIs publicly to other service providers. Get the point? With the high risk associated with IoT gateways, security needs specialized attention, and cannot be compromised. With IoT use cases increasing, assurance frameworks and security solutions will continue to evolve. From the enterprise perspective, before embarking on the smart IoT solutions bandwagon, your company needs standards for adopting specific, industry-compliant IoT gateways for device-to-device and device-to-systems communication.

Finally, securing the gateway is simply a start. Quality Assurance (QA) and testing teams also need to address areas such as performance, automation, simulation within a lab, and remote monitoring and deployment. For instance, when planning IoT gateways, the QA team must factor in automation from the outset. When combined with robust gateway assurance, monitoring and governance, automated IoT gateway management can auto-correct faults and significantly improve response time for failures.

While all of this can appear overwhelming at first, it's actually easy-going when done systematically: not with a big bang, but with a gradual, phased approach that involves multiple pilots and small successes. This standardization is also important for optimal utilization and integration of the sizeable legacy IT infrastructure, which cannot be discarded overnight. Given this reality and budgetary constraints, CIOs in Utilities businesses don't have the liberty of kicking off their IoT initiatives with a clean slate. They must integrate legacy infrastructure with their IoT systems, another strong reason to focus on secure gateways, and connect with customers smartly!

Bharathi Karthik Balasubbiah has 18+ years of experience in the IT and software development industry and has handled varied roles in the Retail, Banking, Finance, Telecom and Hi Tech sectors. He has also worked with global clients in the USA, UK, Continental Europe and India and has considerable expertise in architecting technology solutions for customers. He holds a bachelor's degree in engineering from Thiagarajar College of Engineering, India. A prolific speaker and writer, he blogs regularly and speaks at technology-based forums and meetups.