Identities and security for an IoT ecosystem
Identities and security
for an IoT ecosystem
GlobalSign: Identity for Everything™
Boston
London
Helsinki
IAM Center
Brussels & Paris
CA Infrastructure
Singapore
CA Infrastructure
Tokyo
Philippines
Offshore services
India
Offshore services
PKI & IAM experience and technology
to build high-volume, high-scale identity management
solutions for the billions of devices, people and things
comprising the Internet of Everything
>300
employees
>5,000
global partners
> 30,000
customers
>10m identities
issued,
2.5M live SSL Certs
Selected IAM References (Finland)
Public Sector
Energy & Industry
Finance
Retail & Service
https://www.fim.com/Suomi/
Key challenges in security for an IoT ecosystem
1. Stakeholders’ access to
relevant data
• Who owns the data?
• Who can access what?
2. Data integrity
• Can we trust the data?
3. Embedded security
• How to embed security in the
products?
• Design manufacturing
operations
Machinery/
solution vendor stakeholders
Subcontractor/partner stakeholders
Access/
ownership
Integrity
Embedded
security
Customer stakeholders
Functional building blocks for a secure IoT
ecosystem
1. Data access and ownership • Utilization levels and sensor data can be very valuable to competitors
• Certificates are the only real interoperable standard for device authentication
• In 2014, Dutch smart electricity meter roll-out cancelled due to privacy concerns
2. Data integrity • Meaningful business decisions can’t be made without valid (trusted) data
• Remote exploits are the worst consequence of blind trust
• In 2014, a German steel factory suffered massive physical damage from a cyberattack
3. Embedded security • Layered security is a must as devices might never get security updates
• Trusted root certificate can be stored in a secure hardware module
Identities and security for an IoT ecosystem Maturity model – On which level are you?
• Disconnected services
• No self service features
• Multiple user IDs Bu
sin
ess g
row
th, co
st
savin
gs, secu
rity
Equipment life-cycle management • Vendor proprietary solutions for monitoring, operation,
preventive maintenance services
• Device certificates
System life-cycle management • End-to-end system monitoring, optimization and preventive
maintenance services for plants and product lines etc.
• Identity and Access management (IAM), system wide
certificates
Enterprise ecosystem • Operational capacity as a service
• User access and role management for business systems: ERP,
MES, CRM
• Identity Relationship and Access Management (IRAM),
enterprise certificate solutions
3
2
1
Creating and supporting the IoT Ecosystem
Cloud
Service Cloud
Service Cloud
Service
Investor Investor
Finance & Investor community
Design Engineering
Specialist
Design & Engineering community
Service Maintenance
Expertise
Operations community
Certi
ficate
Industrial
Internet
Thing
Device related data
and services for
ecosystem
Ecosystem
communities
with users
of device related data Many complex B2B relationships
in device ecosystem
Manufacturing/Assembly phase Sales &Planning phase Delivery and Implementation
(Activation/Registration phase)
Operational lifecycle phase
Overview of the set-up and life-cycle phases
Thing
Certi
ficate
Manufacturing/Assembly phase Sales &Planning phase Delivery and Implementation
(Activation/Registration phase)
Operational lifecycle phase
Device certificate
Pre-installation
GlobalSign CustomerID
GlobalSign SSO
GlobalSign TRUST
GlobalSign ePKI Issuing
Provisioning
Certi
ficate Certi
ficate
Cloud
Service Cloud
Service Cloud
Service
Role based
access
Hotspot theme (welcome!)
How to embed security
in the products and services? Design Manufacturing Operations
IoT case example: SpiderCloud
Certificates used enable secure boot process, authenticate the antennae, and encrypt the data transmission to main appliance
76%
Use API to automatically embed during manufacturing & reissue throughout device lifespan
Embed certificates in their radio and service nodes to extend wireless coverage in buildings with poor coverage
CELLULAR SIGNAL AMPLIFIER
WHAT
WHY
HOW
Thank you!
www.globalsign.com
www.ubisecure.com
GlobalSign, founded in 1996, is a provider of
identity services for the Internet of Everything
(IoE), mediating trust to enable safe commerce,
communications, content delivery and community
interactions for billions of online transactions
occurring around the world at every moment.
www.globalsign.com
FI: + 358 9 251 77250
UK: + 44 1622 766766
EU: +32 16 89 19 00
Information