Pre-boarding with Private Beta
In our last post I wrote about our transition from hardware to software. The transition is now complete and we’re accepting customers into our private beta. So what are we doing? We’re securing IoT devices with one line of code, and this post will explain what that means.
McKinsey predicts IoT will bring $10 trillion in economic gains per year by 2025. Trustwave reports that security is the number one concern in IoT for corporate executives and consumers. Unfortunately, strong security is difficult to implement correctly in a device. To build a highly secure device resistant to physical tampering as well as network attacks, engineering houses will give you a $1 million estimate and a schedule that is close to a year long. Just implementing software-based TLS client authentication takes months to do correctly because it involves key custody and management both on the factory floor and in the cloud (more on this in a later post). Furthermore, if you have a highly resource-constrained device (e.g., an 8-bit microcontroller, which comprises a large percentage of IoT devices), strong security is almost impossible. IoT needs a solution that is both easy to implement and takes minimal resources, and that’s exactly what we deliver with the Trusted Communication Module (TCM).
A TCM is a communication component with built-in algorithms and credentials that work in tandem with a cloud infrastructure. In other words, all the aforementioned hard work of setting up the security infrastructure and provisioning keys is done before the TCM is shipped to you. All you have to do is call one API on the TCM and data is sent securely across the network to your data collection server. It truly is “one line of code”. Now, if you want to process a response from the server, or send unsolicited data from the cloud to the device, a couple more lines will have to be written, but compared to current best practices, TCMs are orders of magnitude simpler for you to integrate.
TCMs come in every form factor: chipset, module, daughtercard, USB modem, or Ethernet gateway. TCMs use standards-compliant security, mainly TLS 1.2 with mutual authentication (more on this in yet another future post). This meets the requirements of NIST, HIPAA, FIPS, IEEE 2030.5, and numerous other governmental or industry regulations. TLS can also be the security layer for HTTP, MQTT, and other application layer protocols. Our private beta runs HTTPS over cellular because this is the ideal setup for California Rule 21 Phase 2 in a commercial or residential installation.
Is the TCM for you? There are two main reasons why it might be: regulation and ROI. The regulation reason is obvious. If you manufacture a distributed energy resource (DER) device and need to comply with state and federal laws such as CA Rule 21, you need to be evaluating your compliance options now in order to continue selling your product come Q1 2019. If you are in healthcare, the FDA will soon mandate client authentication. ROI? That’s a more personal calculation. Adhering to NIST recommendations could be a valuable checkbox if you’re selling to the corporate executives that are concerned with security. With the TCM, the investment amount is low enough that you can actually experiment to see if this is a valuable feature. If it’s not, just turn off the subscription.
Should you apply to our private beta? If you are affected by coming regulations and use cellular for connectivity, then the answer is “yes”. If you view the TCM as a potential linchpin to your security strategy, then the answer is also “yes” because you’ll have the chance to influence our product roadmap. We encourage you to apply early, as we can only support a limited number of companies in our private beta.
If IoT is going to realize its massive potential, there needs to be an easy-to-implement, low-cost solution that makes strong security accessible to anyone. Our private beta launch brings us one step closer to this vision.
By Alfred Tom on May 1, 2018