Software Monetization Featured Article

Securing the Internet of Things: Protection = Monetization

July 06, 2015

Depending on which analyst study you read, within the next five years, the number of Internet of Things (IoT) devices will grow upwards of tenfold. In fact, many believe that based on the proliferation of IoT and Machine to Machine (M2M) deployments – from connected cars, video surveillance, mobile payments, and wearable medical devices – the estimates may be conservative.

Because the IoT is limited only by our imagination, the concept of enabling software-driven technology is also influencing rapid growth in M2M. It is clear that the need to protect “E”verything has made it more important than ever to consider and plan a security architecture right at the very beginning of design and development. Failure to identify and mitigate risks through a secure design and best practices for mission-critical and/or sensitive personal information could prove very costly for companies that are not extremely careful.

Fundamentally, if the key to IoT growth is security, trust, and increased control of the elements in our connected world, then it is entirely possible that current forecasts for growth are conservative. What that means to ISV’s is that Protection = Monetization.

I recently had the opportunity to discuss these challenges and opportunities with one of the world’s foremost experts on the subject, Laetitia Jay, Vice President M2M Solutions and Services at Gemalto.

TMCnet: Let’s start with the question on everyone’s mind: Can IoT and M2M devices and data be secured so that enterprises, governments, and end users have sufficient peace of mind for the industry to flourish and deliver fully on its promise?

Jay: The short answer is an emphatic yes! Gemalto (News - Alert) has been working on solutions to assure the security of all aspects of M2M deployments – devices, data, applications, networks, and the people who use them to evaluate the data – for a long time. We are rightfully considered pioneers in our field, and I should add that our acquisition of SafeNet (News - Alert) and its software monetization and data protection solutions has put us in the unique position of being able to protect everything and enable optimal monetization opportunities.

TMCnet: Before we go into detail about Gemalto’s approach to IoT/M2M protection and monetization, I’m curious to know whether you agree with the widely held belief that Big Data is going to play a huge role in terms of monetizing the value of IoT and M2M.

Jay: To a large degree, I believe that the value of data generated from sensors, and its analysis and correlation with other information, is a high-value aspect for evolving IoT/M2M ecosystems. However, there is money to be made at all levels of the value chain. It is really important to understand that IoT/M2M is not about Big Data . . . it is about Smart Data. That is what drives our innovations in this area. We want to enable our customers to derive the full value of actionable insights from data the connected world will be pushing at them, and we want them to not have to worry about that information being compromised at any step along the way.

TMCnet: Let’s talk about Gemalto’s view of protection and monetization. Can you describe for our readers the extent to which this smart data is protected and turned into actionable, end-to-end business intelligence?

Jay: Gemalto’s M2M/IoT offering relies on four main pillars: (i) protect the device, (ii) protect the network and connectivity, (iii) protect the application, and (iv) enable end-to-end security, allowing our customers to build, deploy, and operate end-to-end applications, by removing the complexity.

Inside the device, we are leveraging Gemalto’s key asset: our wireless modules and MIM. The first is the module that brings cellular connectivity to a device. The second is a SIM that is tailored for industrial M2M usage and brings authentication to the cellular network. We call those ruggedized SIM cards “MIMs” (Machine Identification Modules), and they are specifically designed to resist extreme temperatures, humidity, and corrosion. MIMs run a dedicated operating system to extend the life of the cards, which need to last not two years, but 10, 15, or 20 years.

TMCnet: So the device is secured via the SIM. What’s next?

Jay: Next, regarding the network and connectivity, we have a solution for quality of service and subscription management. We are providing quality of service and preventive maintenance services for example at telcos, in order to help them monitor and fulfill their SLAs. This entails client/server solutions that leverage both wireless modules and MIM.

In the critical area of applications, we are helping solution providers build, deploy, and operate vertical applications. We are providing a horizontal, device-agnostic IoT application enablement platform that has been designed to bridge the edge (a communication device linked to an asset, using multiple types of sensors and communication protocols) to the information system that turns collected data into business intelligence and actionable insights, and transforms big data into smart data. Using our cloud-based services, solution providers can focus on their business logic and core skills, and don’t have to worry about how to get real-time data from the devices. Overall security, from a holistic perspective, starts with the fundamental proposition that security, no matter what industry you are in, is all about TRUST. This means creating end-to-end trust by establishing an environment where trust is created for devices, networks, and data – whether at rest or on the move. When it comes to the IoT/M2M world, this must cover the entire ecosystem.

TMCnet: Do you have some recommendations for our readers on creating this trustworthy environment?

Jay: Let’s start with the fact that end-to-end security for the delivery of applications must not address only one element of the infrastructure. Gemalto addresses security in three pragmatic steps. These are:

1.Assess the security needs in the overall infrastructure. This means working closely with customers to ensure they know what matters, so they can protect it where it matters, when it matters.

2.Recommend appropriate security countermeasures when security breaches need to be covered from embedded software to secure elements.

3.As applications and devices in the IoT are going to live in the field for many years (sometimes up to 10 or 20 years), it is key to anticipate threats and be able to evolve. That is why we offer solutions to manage security throughout the lifecycle of an application.

TMCnet: The last point is one that tends to get overlooked; the hardware is actually going to be in the field for many years, but it’s the software that will need constant upgrading in terms of new information requirements and security. This presents a real challenge, does it not?

Jay: Yes. Security must be a basic design consideration from the start, including understanding the lifecycle, otherwise you are looking at technology refreshes that could be costly, time-consuming, and less than user-friendly. This is why Gemalto pays so much attention to developing solutions that will stand the test of time and have the agility to be easily managed and upgraded. When it comes to the possibilities of IoT/M2M, we may still be very early on in the learning curve, but we are focused on understanding what is likely to come next, and how to best serve the needs of our customers in a rapidly changing world. One of the reasons the SafeNet acquisition is so important is that it extends our capabilities, uniquely positioning us as providers of end-to-end trust in an industry that will always require it.

Edited by Dominick Sorrentino