ThingWorx Users: How's your security? Learn how to enable unique device authentication with VerdeTTo.
The Internet of Things (IoT) comprises millions, and soon billions, of devices connected to the Internet, including everything from medical equipment to energy grid meters to home appliances. Ensuring authenticity and securing the identity of these devices and their data is critical for the systems with which they connect.
Useful and secure data requires that every device and data transmission be authenticated and secured. These conditions share one common security requirement – a trusted device identity.
Enterprise IT requires a Directory... as does IoT
Every IT department relies on a Directory to keep track of users, PCs, servers, printers, and other resources. Each record contains a unique identifier, which is what allows the Directory, in concert with connected applications and services, to enforce security policy across the organization through authentication, authorization, and encryption. The same principle applies to IoT. Only a unique identifier, a device certificate, can ensure secure validation of device, data, and code. A shared token or key, or plain-text passwords, cannot.
CMS VerdeTTo is a high-assurance, cloud-based IoT Identity Directory for the establishment of a Root of Trust and the management of digital identities used in device authentication, data encryption, and execution of secure code. With CMS VerdeTTo you can issue a unique identity and digital certificate for each of your IoT devices, and have your IoT systems authenticate and authorize communication via Web API. Each deployment is customized for exact use-case requirements, and then fully managed, cutting design and deployment time and eliminating ongoing management of the infrastructure. Leverage the flexibility and scalability of the cloud to ensure that security infrastructure does not hold back your business as it grows, and as new projects or requirements come online.
The VerdeTTo IoT Access Valve, together with the CMS VerdeTTo IoT Identity Platform, enables additional validation of inbound requests to the ThingWorx platform, based on unique client certificates and their extended attributes. It offers features such as:
CMS VerdeTTo allows for the identification of unique data collection points and the validation of their data without the need to build complex, resource-intensive, and costly identity management frameworks. Eliminating the complexity of managing trust for a growing fleet of devices allows businesses to focus on data collection and making actionable decisions rather than wasting time on the logistics of security. CMS VerdeTTo ensures that essential security prerequisites are met so that the authenticity of each device, integrity of its communication, and validity of its data do not hinder business objectives. As a result, businesses can trust their device fleets, fully leverage collected data, filter out illegitimate or unwanted data, and detect compromised or counterfeit devices.
In the world of connected devices, devices will communicate over an open medium such as the Internet. The unique identity issued to each device (or to each device gateway) is used whenever that device is required to identify itself and/or transmit data back to a business, application, or individual. As a result, the integrity of the device and its data are preserved. The device’s identity and associated trust chain also allow for restriction of device management and software updates to select entities and signed code.
Communication between device and application, whether on-premise or in the cloud, will be established only after successful authentication and authorization of the device’s unique identity. The network tunnel and data transfer between the endpoints will also be encrypted, resulting in validated data (confirmed to be from the actual device and confirmed to be genuine data collected by the device). Eliminating the uncertainty of data providers and their data results in security and value for business applications.
The identities issued by CMS VerdeTTo are based on robust industry standards that support both issuance of an unlimited number of identities and establishment of trust chains between the device and its originating source. The method by which CMS VerdeTTo creates identities allows for scalability in the millions. CMS VerdeTTo identities are operating system agnostic, and their standards are respected by all applications and protocols. CMS VerdeTTo offers the ability to transfer the identities onto a myriad of devices in a secure manner that eliminates the use of forged identities by counterfeit devices or data collection points.
Within the CMS VerdeTTo structure of identities, it is possible to designate specific project containers in order to either limit the connection between projects or separate them altogether. CMS VerdeTTo facilitates the expansion of projects and proliferation of devices within projects based on its flexible implementation and consumption models.
CMS VerdeTTo can be a standalone cloud-based platform that does not require integration with internal IT infrastructure or operations. CMS VerdeTTo is managed by CSS, eliminating the need for routine maintenance, upgrades, or periodic health checks and assessments. Regular reporting is available in order to keep track of the device identities issued.
With every deployed device holding a unique ID, all interactions with that device, and especially data collection, are now done with a high level of security assurance. The ability to strongly authenticate your devices and confidently trust their data results in greater authenticity for your core business and mitigates security and regulatory risks associated with devices or data being maliciously accessed and used.