There has been quite a lot of talk about security concerns as it relates to IoT devices and security. Businesses are constantly expanding their data streams and increasing productivity. Thus, they want to make sure that they are not opening themselves up to a ton of risk while they do so. Thankfully Azure IoT suite makes it quick and easy to securely connect your IoT devices to the cloud.
Before we get too far, its important to explain exactly what IoT security means.
- Devices – IoT devices that capture and send data
- Field Gateway – Devices that can aggregate data to and from devices
- Cloud Gateways – Endpoint that receives / sends data and commands to Field Gateways or directly do devices
- Services – The services that “do work” on the data that is received from the IoT devices (via the gateways)
IoT Security in Azure
The best way to make sure your application is secure is by leveraging threat modeling during the design/implementation phase. This forces the design of the application to take security into consideration instead of adding it on at the very end. Just like all of its other products, Microsoft leveraged threat modeling for the Azure IoT components.
I want to go through how Azure handles security across the various trust boundaries.
Device to Field Gateway
IoT Devices and Field gateways are very similar and usually connect in much the same way. Typically the security risks from a device to Field gateway perspective are physical- and/or hardware-related. This means it’s important to keep your IoT devices physically secure from harm and intrusions. While harm can be done while transmitting data to/from them, typically it’s more physical than digital.
Device / Field Gateway to Cloud Gateway
In Azure IoT, the Cloud gateway is called the IoT hub. The IoT hub uses time-sensitive security tokens to authenticate devices and services to avoid sending keys over the wire. Although this sounds complex, the Azure IoT SK’s provide simple and easy ways of automatically generating tokens. Here is a great walkthrough on how that’s done.
Inside the hub itself, you can set up Shared Access policies that allow devices that connect certain abilities inside of Azure. If configured correctly, this greatly reduces risk to data tampering since devices do not have have direct access to data stores, etc.
Cloud Gateway to Services
This is by far the easiest thing to secure in an IoT implementation. Azure IoT suite allows users to easily configure connections between the IoT hub and other components like Stream Analytics, Azure Data Lake, SQL Azure, etc. All of these components are only available in your own Azure subscription and should reside inside the same data center to prevent data from potentially being tampered with while in transit. However, this is incredibly unlikely since they are all Microsoft data centers. Since only you can access and configure the components and the data is processed and analyzed in the same data center, security risk is very low.
There is one important thing to remember about security in the Services zone. If you have any VPN’s to Azure, then that data is potentially vulnerable there. The normal VPN security should be taken in order to make sure that no one inside of your network can access the data.As you can see, IoT security is important. It can be easy if you understand the threats it poses and know how to mitigate them. Leveraging Azure IoT suite makes an IoT implementation quick and easy.
Want to try our free Internet of Things Workshop?
Want to know more about how you can boost the efficiency of your operations with IIoT? Enter your info to download our datasheet on our FREE 1/2-Day IoT Workshop. This datasheet will give you the details on the workshop, which will teach you how to:
- Improve efficiency: Gain access and control of connected devices and LOB assets to reduce costs.
- Enable innovation: Analyze data from multiple sources in near real-time to uncover trends and spot emerging problems.
- Transform your business: Move from reactive to preemptive scenarios and identify new business opportunities.